* Additionally, if we'd just tried password
* authentication, we should break out of this
* whole loop so as to go back to the username
- * prompt.
+ * prompt (iff we're configured to allow
+ * username change attempts).
*/
if (s->type == AUTH_TYPE_NONE) {
/* do nothing */
} else {
c_write_str(ssh, "Access denied\r\n");
logevent("Access denied");
- if (s->type == AUTH_TYPE_PASSWORD) {
+ if (s->type == AUTH_TYPE_PASSWORD &&
+ ssh->cfg.change_username) {
+ /* XXX perhaps we should allow
+ * keyboard-interactive to do this too? */
s->we_are_in = FALSE;
break;
}