Implementing OTP mechanism with existing kerberos
Tim Alsop
Tim.Alsop at CyberSafe.Com
Wed Jul 25 17:25:49 EDT 2007
Gopal,
It is not easy, but once it is done you get a nice solution - see below
:
-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On
Behalf Of Gopal Paliwal
Sent: 25 July 2007 21:31
To: kerberos at mit.edu
Subject: Implementing OTP mechanism with existing kerberos
Hi,
I am implementing OTP mechanism in the existing kerberos.
I have set up pre-auth mechanism to authenticate the clients.
Now, the user will be asked password+OTP instead of just password. i
will be
generating this OTP with a hardware token.
Also, i will be encrypting time-stamp with password & OTP.
At the kerberos authentication server, I will be able to generate a OTP.
Now, the problem which I will face is that kerberos doesn't store
passwords
in clear form. & I somehow need to form a key at kerberos authentication
server side to decrypt the time-stamp sent in the AS_REQ message by
user.
That key will be made up of OTP + password.
Can someone point me out the mechanism as to how can I obtain password
in
clear form or other way with which I will be able to resolve my doubt.
-gopal
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list