On Mon, 22 Apr 2002, Jordan Hubbard wrote:
> That would be my question as well, especially since "everyone else" > seems to use that default. Thanks to all who responded, and so quickly > at that - this at least clarified the situation (and gave me a way > out!). This was discussed fairly extensively regarding -current: basically, s/key is "greedy" and attempts to fake s/key responses even for users who don't have s/key enabled. Nothing is wrong with challenge response -- arguably, that's a cleaner way to handle things as a default in the client, since it means if you connect to a server that does want to use challenge response, it DTRT. The fix in -CURRENT, I believe, was to make s/key "faking" for non-enabled users be an option, and to turn the option off by default. That fix relies on the extensive PAM updates in -CURRENT however; in -STABLE it can probably be similarly replicated via appropriate tweaking of sshd (?). Robert N M Watson FreeBSD Core Team, TrustedBSD Project [EMAIL PROTECTED] NAI Labs, Safeport Network Services To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
