[28567] in Kerberos
Documentation/Implementation of +requires_hwauth principal attribute.
daemon@ATHENA.MIT.EDU (Romain Komorn)
Tue Oct 16 23:01:53 2007
Date: Tue, 16 Oct 2007 16:30:05 -0700 (PDT)
From: Romain Komorn <rkomorn@dofc.org>
To: kerberos@mit.edu
Message-ID: <20071016161502.O1412@certainty.dofc.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Greetings,
I can't seem to find solid documentation on whether or not MIT's KDC has
functionality supporting the use of the "requires_hwauth" attribute.
Although the attribute is documented, I don't see any references to how it
would be configured on the back end. Is there documentation available
discussing how hardware auth can be set up, or how kerberos should be
extended to support it?
To what extent does v1.5 (or 1.6) support setting that attribute on
principals?
And how does the attribute affect policy settings? Since hardware auth can
include OTP tokens, should a separate policy be created that doesn't
enforce password lifetimes?
URLs to documentation/examples would be greatly appreciated.
Romain Komorn
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos