
List:       krbdev
Subject:    Re: What's missing in fast-otp?
From:       Linus Nordberg <linus () nordu ! net>
Date:       2011-07-18 15:14:21
Message-ID: 87wrffhb8y.fsf () nordberg ! se

Greg Hudson <ghudson@mit.edu> wrote
Mon, 18 Jul 2011 10:11:33 -0400:

| > - Standard compliance and completeness -- we're far from implementing
| >   all of draft-ietf-krb-wg-otp-preauth
| 
| What is not implemented?  What kinds of tokens will be precluded by the
| lack of support?

At the moment, there's only 4-pass with OTP sent in the request.
There's also no support for PIN change.  It's been tested with software
HOTP tokens and Yubikey in OATH mode as well as "yubikey" mode.


| * Is there any way to set up this plugin for use without back-end
| integration with IPA?  If not, this may make it difficult to create test
| cases.

IPA being the generic term "identity and policy management" or something
more specific?

All KDC configuration goes into krb5.conf and the kdb.  OTP verification
is being done by external services like an HTTP server or a "yubikey
server" (which both need some configuration, naturally).

I've been thinking of doing a native HOTP implementation, unless some
other kind of device comes my way first.  This might be good for a more
autonomous test environment.

_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev