IETF-SSH archive


Re: reauthentication



On Tue, 28 Aug 2001, Jakob Schlyter wrote:

> has anyone considered adding reauthentication support for ssh? I like the
> server to request that the client reauthenticates from time to time.

Expiring credentials was briefly touched upon at the 50th IETF when
discussing the GSS drafts - since the underlying Kerberos tickets will
expire, what should happen to the SSH protocol connection?

> this could be very useful for some authentication methods, e.g. smartcard,
> where the authentication process requires a physical device to be attached
> to the client - if the device is removed, the connection could be
> terminated.

The server would have to trust that the client told it the card went away
since the server would not have direct access to the card itself.

In fact the server would never actually know a card was being used; all
the server knows is what authentication mech was used in ssh-userauth.

--
Darren J Moffat



