pam-krb5 4.5 released
Stephen Frost
sfrost at snowman.net
Fri Feb 10 16:42:40 EST 2012
* Greg Hudson (ghudson at MIT.EDU) wrote:
> > Is there any way to eliminate the need for this first password?
>
> Not with the securid-sam2 preauth module. It implements the
> send-encrypted-sad method of SAM2 preauth, which requires the user's
> long-term key to be used to encrypt the OTP value.
Ok, thanks. Is the user's long-term key of any value if FAST is in
place? By that I mean- could I just make it 'password' or similar
without any security risk..?
Thanks!
Stephen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20120210/cd68ddd5/attachment.bin
More information about the Kerberos
mailing list