[prev in list] [next in list] [prev in thread] [next in thread] 

List:       secure-shell
Subject:    Re: per user authentication types?
From:       Garance A Drosihn <drosih () rpi ! edu>
Date:       2006-04-10 18:49:13
Message-ID: p0623090cc06057319d6b () [128 ! 113 ! 24 ! 47]
[Download RAW message or body]

At 1:17 PM +1000 4/8/06, Darren Tucker wrote:
>
>There's been some work[1] recently to extend sshd_config
>to allow it to apply some config directives based on
>certain attributes of the connection.  If you're prepared
>to try the patch, it allows for directives in sshd_config
>such as:
>
>PasswordAuthentication no
>Match User user1,user2
>	PasswordAuthentication yes
>Match Group pwallowed
>	PasswordAuthentication yes
>
>and similar.
>
>[1] http://bugzilla.mindrot.org/show_bug.cgi?id=1180

Hmm.

This probably conflicts with some changes I've been working
on, although I do agree that this is the better way to handle
many of the options.  I just have to figure out how this will
alter things wrt what I have been working on.

I think the above would work better if one could define a
group of attributes (values for PasswordAuthentication, etc),
and then specify that group of attributes on a 'match'
directive.

-- 
Garance Alistair Drosehn            =   gad@gilead.netel.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu
[prev in list] [next in list] [prev in thread] [next in thread]