Re: reauthentication

To: Darren J Moffat <darrenm%eng.sun.com@localhost>
Subject: Re: reauthentication
From: Jakob Schlyter <jakob%crt.se@localhost>
Date: Tue, 28 Aug 2001 22:13:42 +0200 (MEST)

On Tue, 28 Aug 2001, Darren J Moffat wrote:

> > if the card is removed the client can't reauthenticate (since the private
> > key is only on the card).
>
> Correct but that doesn't happen when the card is removed only when
> the reauthentication triggers from the server side of the connection,
> which isn't how I had read your suggestion.

reauthentication would always be requested by the server and reponded to
by the client. I can't currently see why the client would like request
reauthentication.

> If you are happy with that then it takes smartcard out of the picture
> as far as the protocol is concerned but should provide you with near
> to the functionality you want with a smartcard being removed.

the smartcard was just an example, I could see uses for reauthentication
for other methods like passwords, challenge-response and kerberos.

reauthentication is gives the server the possibly to check if "someone" is
still there. once again, this is still dependant on the authentication
method - e.g. if the client is using an ssh key agent, thet "someone"
might always be there.

	jakob

References:
- Re: reauthentication
  - From: Darren J Moffat

Prev by Date: Re: reauthentication
Next by Date: cooked mode sessions
Previous by Thread: Re: reauthentication
Next by Thread: cooked mode sessions
Indexes:

Home | Main Index | Thread Index | Old Index