Subject: Re: rfc2228 in ftpd
To: None <email@example.com>
From: Ken Hornstein <firstname.lastname@example.org>
Date: 06/25/2002 00:37:22
>> One of the most annoying things about GSSAPI for SSHv2 is the occasional
>> rekeying that the SSHv2 transport does. What happens is that the user's
>> ticket eventually expires during the login session, a rekey is attempted,
>> and the session is killed because the rekey failed due to expired ticket.
>> Now, while this may be strictly correct ("of course the session should
>> die once the ticket expires!"), it is different from every other login
>> mechanism that uses Kerberos that I am aware of.
>I'm jumping in here, late, and with no regard to any message that may
>have followed this. Wouldn't this particular problem be resolved by
>following the DHCP lease renewal rules: apply for a new lease half way
Sadly, no. The issue is that one's _Kerberos_ tickets are going to expire,
not the SSH rekey. And there's not an easy way to reprompt for those
when using the GSSAPI.