[prev in list] [next in list] [prev in thread] [next in thread]
List: kerberos
Subject: Re: Kerberos and OTP
From: Diogenes Jesus <splash () gmail ! com>
Date: 2016-06-30 8:01:29
Message-ID: ED51EF24-C0E9-4674-A2B4-30B0AC1B54D2 () gmail ! com
[Download RAW message or body]
Hi Laurent.
Alternatively you can enable anonymous authentication (don't forget to restrict \
anonymous to only TGT in kdc.conf).
That way it's not required to kinit with host first (you just kinit -n).
Dio
> On 29 Jun 2016, at 16:06, <Laurent.Bastet@i-carre.net> <Laurent.Bastet@i-carre.net> \
> wrote:
> Hello Dmitri,
>
> Thanks for your reply, it's working fine now.
>
> Regards
>
> Laurent BASTET
>
> Le 16/06/2016 17:22, �s-bounces@mit.edu)" a écrit :
> > On 06/16/2016 10:08 AM, Laurent.Bastet@i-carre.net wrote:
> > > Hello all,
> > >
> > > Can you tell me if it is possible to get a TGT not entering a password,
> > > but only using an OTP token ?
> > > I found some tutorials on the internet (ie
> > > http://web.mit.edu/Kerberos/krb5-1.13/doc/admin/otp.html), but none
> > > works, the token is never asked : when I do kinit, only the password is
> > > requested, and then I have to make a "kinit -T armor_ccache" for a token
> > > been requested.
> > >
> > > And even if I don't do the command "kinit -T" I can access to machines...
> > >
> > > Regards,
> > >
> > > Laurent.
> > > ________________________________________________
> > > Kerberos mailing list Kerberos@mit.edu
> > > https://mailman.mit.edu/mailman/listinfo/kerberos
> > OTP feature requires a FAST tunnel that is accomplished by having
> > another key and identity on the client for the host.
> > Then you first kinit with host and then use it with -T for user
> > authentication.
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic