On 19 September 2011 20:40, John Arbash Meinel <j...@arbash-meinel.com> wrote: >>> Ah yeah, I see what you mean looking at the code. My code >>> accepts any authentication at all for the anonymous username >>> though, so if bzr finds a key and offers it, it will be accepted >>> (without looking at the key at all). I guess this means that the >>> user might get prompted to decrypt their key and that could be a >>> bit confusing.
Perhaps it will avoid confusion for the server to decline key authentication and wait for the client to offer 'none'. > If there is a standard somewhere, which says you should always try > 'auth_none' first, we could certainly move it. It did seem a little > silly to do an auth_none round trip to find out that rsa > authentication was supported, rather than doing the rsa authentication > first. (I think if rsa fails, then you should have the list of what is > supported anyway.) > > So, I'd be happy to confirm if there is a real standard, but saving a > round trip seems worthwhile, too. I think it's definitely worth trying the most likely one first (key auth) unless there's a problem with that. m _______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : launchpad-dev@lists.launchpad.net Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
