Tim, * Tim Watts (tim.j.watts@xxxxxxxxx) wrote: > I presume the protocol does not allow the server to send a succession of > "Type: Authentication request" packets with different Authentication > types until it deems that one is acceptable? Even if it did, existing clients would very likely be confused by it.. To be honest, I don't have a solution in mind for how to make this happen, I was really just pointing out that there's a difference between "we won't do that because we don't trust the sysadmin" and "that's not an option due to how the system works today". Perhaps one option would be to look at the Negotiate protocol which mod_auth_kerb and friends use and perhaps have that as an explicitly new auth mechanism. A server set up to provide that would, of course, have to consider if its users supported it or not but that's true already- you can have situation already though, a given client might not support gssapi, for example. Thanks, Stephen
Attachment:
signature.asc
Description: Digital signature