IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: reauthentication



On Tue, 28 Aug 2001, Darren J Moffat wrote:

> > if the card is removed the client can't reauthenticate (since the private
> > key is only on the card).
>
> Correct but that doesn't happen when the card is removed only when
> the reauthentication triggers from the server side of the connection,
> which isn't how I had read your suggestion.

reauthentication would always be requested by the server and reponded to
by the client. I can't currently see why the client would like request
reauthentication.

> If you are happy with that then it takes smartcard out of the picture
> as far as the protocol is concerned but should provide you with near
> to the functionality you want with a smartcard being removed.

the smartcard was just an example, I could see uses for reauthentication
for other methods like passwords, challenge-response and kerberos.

reauthentication is gives the server the possibly to check if "someone" is
still there. once again, this is still dependant on the authentication
method - e.g. if the client is using an ssh key agent, thet "someone"
might always be there.

	jakob




Home | Main Index | Thread Index | Old Index