===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/monitor.c,v
retrieving revision 1.11.4.1
retrieving revision 1.12
diff -u -r1.11.4.1 -r1.12
--- src/usr.bin/ssh/monitor.c	2002/06/02 22:56:10	1.11.4.1
+++ src/usr.bin/ssh/monitor.c	2002/06/04 19:42:35	1.12
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.11.4.1 2002/06/02 22:56:10 miod Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.12 2002/06/04 19:42:35 markus Exp $");
 
 #include <openssl/dh.h>
 
@@ -559,7 +559,8 @@
 
 	passwd = buffer_get_string(m, &plen);
 	/* Only authenticate if the context is valid */
-	authenticated = authctxt->valid && auth_password(authctxt, passwd);
+	authenticated = options.password_authentication &&
+	    authctxt->valid && auth_password(authctxt, passwd);
 	memset(passwd, 0, strlen(passwd));
 	xfree(passwd);
 
@@ -620,7 +621,8 @@
 		fatal("%s: no bsd auth session", __FUNCTION__);
 
 	response = buffer_get_string(m, NULL);
-	authok = auth_userresponse(authctxt->as, response, 0);
+	authok = options.challenge_response_authentication &&
+	    auth_userresponse(authctxt->as, response, 0);
 	authctxt->as = NULL;
 	debug3("%s: <%s> = <%d>", __FUNCTION__, response, authok);
 	xfree(response);
@@ -666,7 +668,8 @@
 
 	response = buffer_get_string(m, NULL);
 
-	authok = (authctxt->valid &&
+	authok = (options.challenge_response_authentication &&
+	    authctxt->valid &&
 	    skey_haskey(authctxt->pw->pw_name) == 0 &&
 	    skey_passcheck(authctxt->pw->pw_name, response) != -1);
 
@@ -722,15 +725,18 @@
 	if (key != NULL && authctxt->pw != NULL) {
 		switch(type) {
 		case MM_USERKEY:
-			allowed = user_key_allowed(authctxt->pw, key);
+			allowed = options.pubkey_authentication &&
+			    user_key_allowed(authctxt->pw, key);
 			break;
 		case MM_HOSTKEY:
-			allowed = hostbased_key_allowed(authctxt->pw,
+			allowed = options.hostbased_authentication &&
+			    hostbased_key_allowed(authctxt->pw,
 			    cuser, chost, key);
 			break;
 		case MM_RSAHOSTKEY:
 			key->type = KEY_RSA1; /* XXX */
-			allowed = auth_rhosts_rsa_key_allowed(authctxt->pw,
+			allowed = options.rhosts_rsa_authentication &&
+			    auth_rhosts_rsa_key_allowed(authctxt->pw,
 			    cuser, chost, key);
 			break;
 		default:
@@ -920,7 +926,7 @@
 	buffer_put_int(m, verified);
 	mm_request_send(socket, MONITOR_ANS_KEYVERIFY, m);
 
-	auth_method = "publickey";
+	auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
 
 	return (verified);
 }
@@ -1099,7 +1105,7 @@
 
 	debug3("%s entering", __FUNCTION__);
 
-	if (authctxt->valid) {
+	if (options.rsa_authentication && authctxt->valid) {
 		if ((client_n = BN_new()) == NULL)
 			fatal("%s: BN_new", __FUNCTION__);
 		buffer_get_bignum2(m, client_n);