IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: reauthentication
On Tue, 28 Aug 2001, Jakob Schlyter wrote:
> has anyone considered adding reauthentication support for ssh? I like the
> server to request that the client reauthenticates from time to time.
Expiring credentials was breifly touched appon at the 50th IETF when
disucssing the GSS drafts - since the underlying Kerberos tickets will
expire what should happen to the SSH protocol connection.
> this could be very useful for some authentication methods, e.g. smartcard,
> where the authentication process requires a physical device to be attached
> to the client - if the device is removed, the connection could be
> terminated.
The server would have to trust that the client told it the card went away
since the server would not have direct access to the card itself.
In fact the server would never actually know a card was been used all
the server knows is what authentication mech was user in ssh-userauth.
--
Darren J Moffat
Home |
Main Index |
Thread Index |
Old Index