GSS-API routine for renewing credentials
Nicolas Williams
Nicolas.Williams at sun.com
Wed Apr 18 16:23:46 EDT 2007
On Wed, Apr 18, 2007 at 08:25:39PM +0200, Robert wrote:
> Does anyone know whether there is a routine in GSS-API to renew (forwarded)
> client credentials? I'm unable to locate such a routine in GSS-API, but
> maybe
> I'm overlooking it.
There's no such thing.
In SSHv2 we deal with this by re-keying the SSHv2 session and, in the
process, establishing a new GSS-API security context, which is an
opportunity to delegate a new credential.
I.e., you have to establish a new security context.
Nico
--
More information about the Kerberos
mailing list