Implementing OTP mechanism with existing kerberos
Gopal Paliwal
gopalpaliwal at gmail.com
Wed Jul 25 16:31:29 EDT 2007
Hi,
I am implementing OTP mechanism in the existing kerberos.
I have set up pre-auth mechanism to authenticate the clients.
Now, the user will be asked password+OTP instead of just password. i will be
generating this OTP with a hardware token.
Also, i will be encrypting time-stamp with password & OTP.
At the kerberos authentication server, I will be able to generate a OTP.
Now, the problem which I will face is that kerberos doesn't store passwords
in clear form. & I somehow need to form a key at kerberos authentication
server side to decrypt the time-stamp sent in the AS_REQ message by user.
That key will be made up of OTP + password.
Can someone point me out the mechanism as to how can I obtain password in
clear form or other way with which I will be able to resolve my doubt.
-gopal
More information about the Kerberos
mailing list