On 2014/01/05 13:10, Remi Locherer wrote: > + /* only test the password if yubikey auth was successful */
This should be done even if Yubikey auth fails, to avoid disclosing information due to timing.
- new login style: yubikey-and-pwd Remi Locherer
- Re: new login style: yubikey-and-pwd Remi Locherer
- Re: new login style: yubikey-and-pwd Stuart Henderson
- Re: new login style: yubikey-and-pwd Remi Locherer
- Re: new login style: yubikey-and-pwd Kent R. Spillner
- Re: new login style: yubikey-and-pwd Remi Locherer
- Re: new login style: yubikey-and-pwd Kent R. Spillner
- Re: new login style: yubikey-and-pwd Remi Locherer
