[39010] in Kerberos
Re: 2FA with krb5
daemon@ATHENA.MIT.EDU (Ken Hornstein)
Thu Oct 7 14:39:15 2021
Message-ID: <202110071835.197IZZDh007055@hedwig.cmf.nrl.navy.mil>
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
To: Jochen Kellner <jochen@jochen.org>
In-Reply-To: <835yu8agao.fsf@jochen.org>
MIME-Version: 1.0
Date: Thu, 07 Oct 2021 14:35:35 -0400
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
>I've been running Privacyidea (https://www.privacyidea.org/) for some
>time to manage the tokens. Exposed the Application with RADIUS and told
>FreeIPA to authenticate against RADIUS. Had some rough edges, but was
>usable for me and is able to manage many kinds of tokens.
So what's the _client_ look like? Specifically, are you doing FAST-OTP?
If so, what client software are you using? Does this only work on
systems with host keys, or do you do anonymous PKINIT?
--Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos