IETF-SSH archive


Re: reauthentication



On Tue, 28 Aug 2001, Darren J Moffat wrote:

> > this could be very useful for some authentication methods, e.g. smartcard,
> > where the authentication process requires a physical device to be attached
> > to the client - if the device is removed, the connection could be
> > terminated.
>
> The server would have to trust that the client told it the card went away
> since the server would not have direct access to the card itself.

if the card is removed the client can't reauthenticate (since the private
key is only on the card).

> In fact the server would never actually know a card was being used all
> the server knows is what authentication mech was used in ssh-userauth.

the administrator can choose only to trust public keys (raw or from x.509
certificates) known to come from smartcards.

	jakob



