A couple of things we might want to support.
First, in the case of GSS authentication failure, when GSS prompting is enabled for SSH, restarting the GSS authentication. This is possible at the SSH protocol level without dropping the connection (I implemented it for PuTTY).
Another thing, which I thought would be fairly intrusive to the MIT code but actually seems not to be, is to support restarting authentication after prompting with a single GSS context. (Obviously this requires cooperating mechanisms.)
This is possible on Windows with NegoEx. Context establishment returns, say, GSS_S_PROMPTING_NEEDED; the application prompts the user and acquires a new credential which it passes to gss_init_sec_context() (with the existing GSS context). The application sees a single GSS context exchange.
On Windows, this pattern is only supported with NegoEx, so the first solution may be better for some applications (including OpenSSH, which will not negotiate SPNEGO -- although my recent patch changes this if the mechanism OID is explicitly specified).
-- Luke