From 1969da0208070fdf385a2a0c87990ea33601bc31 Mon Sep 17 00:00:00 2001
From: Jacob Nevins <jacobn@chiark.greenend.org.uk>
Date: Sat, 20 Nov 2004 17:47:40 +0000
Subject: [PATCH] XXX comment in the logic which sends failed password auth
 back to username prompt for keyboard-interactive. I suspect we should do the
 same with that method (especially given the apparent number of systems that
 use it for regular password auth), but in the absence of systems to test
 against I've not actually made the change. (I'm worried that the `partial
 success' field might not be set correctly in a multi-stage authentication,
 for instance.)

[originally from svn r4850]
---
 ssh.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ssh.c b/ssh.c
index 461ade68..8c71e6df 100644
--- a/ssh.c
+++ b/ssh.c
@@ -5020,6 +5020,8 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
 			logevent("Access denied");
 			if (s->type == AUTH_TYPE_PASSWORD &&
 			    ssh->cfg.change_username) {
+			    /* XXX perhaps we should allow
+			     * keyboard-interactive to do this too? */
 			    s->we_are_in = FALSE;
 			    break;
 			}