Re: Generic challenge-repsonse aunetication in ssh2

[Andreas Siegert]

Quoting Tero Kivinen ([EMAIL PROTECTED]):
> Niels M�ller writes:
> > The existing ssh userauth mechanisms lets the client side "drive" the
> > authentication process; the user decides, for instance, whether to
> > attempt login using a password or using some smartcard.
> 
> No. The current userauth mechanisms allows either side "drive" the
> authentication. If the server wants to drive the authentication it
> only offers one authentication method at time to the clinet, and
> client has to do that or fail. If the server wants to allow client to
> drive the it can just give the full list. 

Unfortunately the server can not force a certain sequence of methods to try or
restrict methods based on usr id.
Both of those things are desperately needed.

bye
afx
-- 
Andreas Siegert       [EMAIL PROTECTED] / [EMAIL PROTECTED] / AFX at IPNET
Every time we've moved ahead in IBM, it was because someone was willing to take
a chance, put his head on the block, and try something new - Thomas Watson, Jr.
PGP Key: www.muc.de/~afx/pubkey.asc, DF7F 8B58 22BE 3B37 C72B 4184 2900 1141