Alexander Lamaison wrote:
> I've not checked the spec lately so can't swear to it but I don't
> think a server is allowed to _require_ multiple authentication
> methods.
It is. Check RFC 4252 5.1, the partial success field.
> What it is allowed to do is say that it supports a method
> but then fail to honour that.
Well.. No, the method must be accepted, but there could be policy
that means that it will always fail.
> When the first attempt returns failure, you handle this by trying
> the next available method.
Yes, although clients might not bother. But partial success should be
treated simply as a "all good so far, carry on".. In a way similar to
the previous method just not being supported.
//Peter
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2010-12-23