Matthew Vernon
2001-Jul-21 13:03 UTC
ChallengeResponseAuthentication - typos and inconsistancies?
Hi, It seems from the source code that there are a couple of quirks with this option: firstly, in the code it's mis-spelt as "challenge_reponse_authentication" and secondly, the default for the client (in readconf.c) seems to be off, whereas for the server (servconf.c) seems to be on: readconf.c: if (options->challenge_reponse_authentication == -1) readconf.c: options->challenge_reponse_authentication = 0; servconf.c: if (options->challenge_reponse_authentication == -1) servconf.c: options->challenge_reponse_authentication = 1; Finally, the manual page says: The default is ``no''. Which set of defaults should be kept? in any case, the man page should agree with the code... Cheers, Matthew -- "At least you know where you are with Microsoft." "True. I just wish I'd brought a paddle." http://www.debian.org
Markus Friedl
2001-Jul-21 20:31 UTC
ChallengeResponseAuthentication - typos and inconsistancies?
On Sat, Jul 21, 2001 at 02:03:44PM +0100, Matthew Vernon wrote:> Hi, > > It seems from the source code that there are a couple of quirks > with this option: > > firstly, in the code it's mis-spelt as > "challenge_reponse_authentication"this should be fixed since time ago.
Dave Dykstra
2001-Jul-26 18:49 UTC
ChallengeResponseAuthentication - typos and inconsistancies?
On Sat, Jul 21, 2001 at 02:03:44PM +0100, Matthew Vernon wrote:> Hi, > > It seems from the source code that there are a couple of quirks > with this option: > > firstly, in the code it's mis-spelt as > "challenge_reponse_authentication"As Markus said, this is fixed in the current CVS.> and secondly, the default for the client (in readconf.c) seems to be > off, whereas for the server (servconf.c) seems to be on: > readconf.c: if (options->challenge_reponse_authentication == -1) > readconf.c: options->challenge_reponse_authentication = 0; > servconf.c: if (options->challenge_reponse_authentication == -1) > servconf.c: options->challenge_reponse_authentication = 1; > Finally, the manual page says: > The default is ``no''. > > Which set of defaults should be kept? in any case, the man page should > agree with the code...The sshd man page does say the Default is yes; only the ssh client says no. It only matters if you've got authentication code configured. - Dave Dykstra