[28102] in Kerberos
Implementing OTP mechanism with existing kerberos
daemon@ATHENA.MIT.EDU (Gopal Paliwal)
Wed Jul 25 16:32:18 2007
Message-ID: <6a113f920707251331o2c2f3d8ci55df6fb770aa8fd2@mail.gmail.com>
Date: Wed, 25 Jul 2007 13:31:29 -0700
From: "Gopal Paliwal" <gopalpaliwal@gmail.com>
To: kerberos@mit.edu
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi,
I am implementing OTP mechanism in the existing kerberos.
I have set up pre-auth mechanism to authenticate the clients.
Now, the user will be asked password+OTP instead of just password. i will be
generating this OTP with a hardware token.
Also, i will be encrypting time-stamp with password & OTP.
At the kerberos authentication server, I will be able to generate a OTP.
Now, the problem which I will face is that kerberos doesn't store passwords
in clear form. & I somehow need to form a key at kerberos authentication
server side to decrypt the time-stamp sent in the AS_REQ message by user.
That key will be made up of OTP + password.
Can someone point me out the mechanism as to how can I obtain password in
clear form or other way with which I will be able to resolve my doubt.
-gopal
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos