[39027] in Kerberos

Re: 2FA with krb5

daemon@ATHENA.MIT.EDU (Ken Hornstein)
Fri Oct 15 17:52:16 2021

Message-ID: <202110152149.19FLngoW009481@hedwig.cmf.nrl.navy.mil>
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
To: Charles Hedrick <hedrick@rutgers.edu>
In-Reply-To: <66D2C934-E3FF-4A81-9576-B32396A98000@rutgers.edu>
MIME-Version: 1.0
Date: Fri, 15 Oct 2021 17:49:42 -0400
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

>We use TOTP. That allows us to tack the token on the end of the
>password. That makes it easy to fix programs that expect a simple
>password prompt.
>
>In fact I have a wrapper that can be interposed around pretty much
>anything using LD_PRELOAD.
>[...]

Well, that answers PART of my question.  And I am guessing, based on
the README for that, you use k5start to generate the FAST armor cache
using the host key in the keytab?  But this seems kind of RADIUS-specific;
do you use TOTP for people who just use kinit?

--Ken
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
