Hi, While Kerberos has a mechanism to refresh its tickets, SASL PLAIN has no such feature. This means if a client is connected, as far as I can tell, we have currently no way of disconnecting him, revoking his credentials won't help.
I think it would be useful to have a way to force clients to refresh their SASL session periodically and disconnect them if their credentials have expired. What do you think ?
