pkinit with passwords

Chris lists at deksai.com
Mon Aug 19 18:45:46 EDT 2013


I've been experimenting with pkinit, and was wondering if there is a
way to also require the normal kerberos password as well as using a
certificate file.   I prefer not to trust the cert alone, but would also
like something more than a password.  I can ask people to password
protect their cert key, and that works, but is unenforceable.

I'd really like to avoid shunting some kind of preauth to yet another
authentication system if possible.  Is it possible to do what I
described, or is there a better way?

Cheers,
Chris


More information about the Kerberos mailing list