[28104] in Kerberos
RE: Implementing OTP mechanism with existing kerberos
daemon@ATHENA.MIT.EDU (Tim Alsop)
Wed Jul 25 17:27:16 2007
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Wed, 25 Jul 2007 22:25:49 +0100
Message-ID: <0D8F2EFD3A10E24DAEEA48EA6DA07D30334E38@postman-pat.csafe.local>
In-Reply-To: <6a113f920707251331o2c2f3d8ci55df6fb770aa8fd2@mail.gmail.com>
From: "Tim Alsop" <Tim.Alsop@CyberSafe.Com>
To: "Gopal Paliwal" <gopalpaliwal@gmail.com>, <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Gopal,
It is not easy, but once it is done you get a nice solution - see below
:
-----Original Message-----
From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On
Behalf Of Gopal Paliwal
Sent: 25 July 2007 21:31
To: kerberos@mit.edu
Subject: Implementing OTP mechanism with existing kerberos
Hi,
I am implementing OTP mechanism in the existing kerberos.
I have set up pre-auth mechanism to authenticate the clients.
Now, the user will be asked password+OTP instead of just password. i
will be
generating this OTP with a hardware token.
Also, i will be encrypting time-stamp with password & OTP.
At the kerberos authentication server, I will be able to generate a OTP.
Now, the problem which I will face is that kerberos doesn't store
passwords
in clear form. & I somehow need to form a key at kerberos authentication
server side to decrypt the time-stamp sent in the AS_REQ message by
user.
That key will be made up of OTP + password.
Can someone point me out the mechanism as to how can I obtain password
in
clear form or other way with which I will be able to resolve my doubt.
-gopal
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos