[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kerberos
Subject:    Re: Kerberos and OTP
From:       Diogenes Jesus <splash () gmail ! com>
Date:       2016-06-30 8:01:29
Message-ID: ED51EF24-C0E9-4674-A2B4-30B0AC1B54D2 () gmail ! com
[Download RAW message or body]

Hi Laurent. 

Alternatively you can enable anonymous authentication (don't forget to restrict \
anonymous to only TGT in kdc.conf).

That way it's not required to kinit with host first (you just kinit -n).

Dio

> On 29 Jun 2016, at 16:06, <Laurent.Bastet@i-carre.net> <Laurent.Bastet@i-carre.net> \
> wrote: 
> Hello Dmitri,
> 
> Thanks for your reply, it's working fine now.
> 
> Regards
> 
> Laurent BASTET
> 
> Le 16/06/2016 17:22, �s-bounces@mit.edu)" a écrit :
> > On 06/16/2016 10:08 AM, Laurent.Bastet@i-carre.net wrote:
> > > Hello all,
> > > 
> > > Can you tell me if it is possible to get a TGT not entering a password,
> > > but only using an OTP token ?
> > > I found some tutorials on the internet (ie
> > > http://web.mit.edu/Kerberos/krb5-1.13/doc/admin/otp.html), but none
> > > works, the token is never asked : when I do kinit, only the password is
> > > requested, and then I have to make a "kinit -T armor_ccache" for a token
> > > been requested.
> > > 
> > > And even if I don't do the command "kinit -T" I can access to machines...
> > > 
> > > Regards,
> > > 
> > > Laurent.
> > > ________________________________________________
> > > Kerberos mailing list           Kerberos@mit.edu
> > > https://mailman.mit.edu/mailman/listinfo/kerberos
> > OTP feature requires a FAST tunnel that is accomplished by having
> > another key and identity on the client for the host.
> > Then you first kinit with host and then use it with -T for user
> > authentication.
> ________________________________________________
> Kerberos mailing list           Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic