From 1d75f22c5d99ce1a4c7a87c7ae042a33fbeefefb Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 1 Mar 2007 21:31:28 +1100 Subject: - dtucker@cvs.openbsd.org 2007/03/01 10:28:02 [auth2.c sshd_config.5 servconf.c] Remove ChallengeResponseAuthentication support inside a Match block as its interaction with KbdInteractive makes it difficult to support. Also, relocate the CR/kbdint option special-case code into servconf. "please commit" djm@, ok markus@ for the relocation. --- servconf.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'servconf.c') diff --git a/servconf.c b/servconf.c index c6a8043de..1e3c213a5 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.169 2007/02/22 12:58:40 dtucker Exp $ */ +/* $OpenBSD: servconf.c,v 1.170 2007/03/01 10:28:02 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -357,7 +357,7 @@ static struct { #endif { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, - { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_ALL }, + { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */ { "checkmail", sDeprecated, SSHCFG_GLOBAL }, { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, @@ -1350,7 +1350,6 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) M_CP_INTOPT(kerberos_authentication); M_CP_INTOPT(hostbased_authentication); M_CP_INTOPT(kbd_interactive_authentication); - M_CP_INTOPT(challenge_response_authentication); M_CP_INTOPT(allow_tcp_forwarding); M_CP_INTOPT(gateway_ports); @@ -1388,4 +1387,8 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, if (bad_options > 0) fatal("%s: terminating, %d bad configuration options", filename, bad_options); + + /* challenge-response is implemented via keyboard interactive */ + if (options->challenge_response_authentication == 1) + options->kbd_interactive_authentication = 1; } -- cgit v1.2.3