Implementing OTP mechanism with existing kerberos
Douglas E. Engert
deengert at anl.gov
Wed Jul 25 17:21:08 EDT 2007
Gopal Paliwal wrote:
> Hi,
>
> I am implementing an OTP mechanism in the existing Kerberos.
> I have set up a pre-auth mechanism to authenticate the clients.
> Now, the user will be asked for password+OTP instead of just password. I will be
> generating this OTP with a hardware token.
>
> Also, I will be encrypting the time-stamp with password & OTP.
> At the Kerberos authentication server, I will be able to generate an OTP.
>
> Now, the problem which I will face is that Kerberos doesn't store passwords
> in clear form, and I somehow need to form a key at the Kerberos authentication
> server side to decrypt the time-stamp sent in the AS_REQ message by the user.
> That key will be made up of OTP + password.
> Can someone point out the mechanism by which I can obtain the password in
> clear form, or another way with which I will be able to resolve my doubt?
>
Google for IETF Kerberos OTP
and start with
http://www.ietf.org/internet-drafts/draft-richards-otp-kerberos-03.txt
This covers a lot of the issues; it is not an easy problem.
> -gopal
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
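
An added illustration of the problem raised in the question (not part of either post, and not the mechanism defined in the cited draft): a KDC that stores only the password-derived key cannot reproduce a key made from password+OTP, whereas a key derived from the stored key plus the OTP can be computed on both sides. The `combine` function, the simplified string-to-key and all sample values are assumptions made for this sketch.

```python
import hashlib
import hmac

def string_to_key(secret: str, salt: str, iterations: int = 4096) -> bytes:
    """PBKDF2-HMAC-SHA1 stage of the RFC 3962 AES string-to-key.
    Simplification: the final DK() derivation step is omitted."""
    return hashlib.pbkdf2_hmac("sha1", secret.encode(), salt.encode(),
                               iterations, dklen=32)

def combine(long_term_key: bytes, otp: str) -> bytes:
    """Hypothetical combiner (an assumption, not taken from the draft):
    mix the OTP into the long-term key, so no cleartext password is needed."""
    return hmac.new(long_term_key, otp.encode(), hashlib.sha256).digest()

def demo() -> dict:
    # Constructed sample values.
    salt = "EXAMPLE.COMgopal"          # default salt: realm + principal name
    password, otp = "correct horse", "492817"

    # What the KDC database holds: only the key derived from the password.
    kdc_stored_key = string_to_key(password, salt)

    # Scheme from the question: the client keys the timestamp with
    # string_to_key(password + OTP). The KDC has the OTP and the stored key,
    # but computing this key requires the cleartext password.
    client_concat_key = string_to_key(password + otp, salt)

    # Alternative: both sides start from the password-derived key.
    client_key = combine(string_to_key(password, salt), otp)
    kdc_key = combine(kdc_stored_key, otp)
    kdc_key_wrong_otp = combine(kdc_stored_key, "000000")

    return {
        "concat_equals_stored": hmac.compare_digest(client_concat_key,
                                                    kdc_stored_key),
        "combined_keys_match": hmac.compare_digest(client_key, kdc_key),
        "wrong_otp_matches": hmac.compare_digest(client_key,
                                                 kdc_key_wrong_otp),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
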