GSS-API routine for renewing credentials

Nicolas Williams Nicolas.Williams at sun.com
Wed Apr 18 16:23:46 EDT 2007


On Wed, Apr 18, 2007 at 08:25:39PM +0200, Robert wrote:
> Does anyone know whether there is a routine in GSS-API to renew (forwarded)
> client credentials? I'm unable to locate such a routine in GSS-API, but 
> maybe
> I'm overlooking it.

There's no such thing.

In SSHv2 we deal with this by re-keying the SSHv2 session and, in the
process, establishing a new GSS-API security context, which is an
opportunity to delegate a new credential.

I.e., you have to establish a new security context.

Nico
-- 



More information about the Kerberos mailing list