Subject: Re: rfc2228 in ftpd
To: None <tech-userlevel@netbsd.org>
From: Lucio De Re <lucio@proxima.alt.za>
List: tech-userlevel
Date: 06/25/2002 06:28:54

On Mon, Jun 24, 2002 at 08:54:04AM -0700, Jason R Thorpe wrote:
> 
> One of the most annoying things about GSSAPI for SSHv2 is the occasional
> rekeying that the SSHv2 transport does.  What happens is that the user's
> ticket eventually expires during the login session, a rekey is attempted,
> and the session is killed because the rekey failed due to expired ticket.
> Now, while this may be strictly correct ("of course the session should
> die once the ticket expires!"), it is different from every other login
> mechanism that uses Kerberos that I am aware of.
> 
I'm jumping in here, late, and with no regard to any message that may
have followed this.  Wouldn't this particular problem be resolved by
following the DHCP lease renewal rules: apply for a new lease halfway
to expiry?

I haven't ever investigated the SSH protocol, so I could be right out
of turn, but that seems an obvious correction to the problem as Jason
formulated it.

I'll be happy to be corrected and informed.

++L