Kerberos and OTP
Dmitri Pal
dpal at redhat.com
Thu Jun 16 11:22:31 EDT 2016
On 06/16/2016 10:08 AM, Laurent.Bastet at i-carre.net wrote:
> Hello all,
>
> Can you tell me if it is possible to get a TGT without entering a password,
> but only using an OTP token?
> I found some tutorials on the internet (i.e.
> http://web.mit.edu/Kerberos/krb5-1.13/doc/admin/otp.html), but none
> works; the token is never asked for: when I do kinit, only the password is
> requested, and then I have to do a "kinit -T armor_ccache" for a token
> to be requested.
>
> And even if I don't do the command "kinit -T", I can access machines...
>
> Regards,
>
> Laurent.
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
The OTP feature requires a FAST tunnel, which is accomplished by having
another key and identity on the client for the host.
Then you first kinit with the host and then use it with -T for user
authentication.
--
Thank you,
Dmitri Pal
Engineering Director, Identity Management and Platform Security
Red Hat, Inc.
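
The two-step sequence described in the reply above, as an added example that is not part of the original message. The keytab path, the armor cache location and the principal names are assumptions; the `run` and `otp_kinit` helpers are hypothetical names introduced here.

```sh
# Added example, not from the thread. Keytab path, armor cache location and
# principal names are assumptions.

# Set DRY_RUN=1 to print each command instead of executing it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# otp_kinit USER_PRINCIPAL HOST_PRINCIPAL [KEYTAB] [ARMOR_CCACHE]
otp_kinit() {
    user=$1
    host=$2
    keytab=${3:-/etc/krb5.keytab}
    armor=$4

    if [ -z "$user" ] || [ -z "$host" ]; then
        echo "usage: otp_kinit USER HOST_PRINCIPAL [KEYTAB] [ARMOR_CCACHE]" >&2
        return 2
    fi
    # Unpredictable cache name unless the caller supplied one.
    [ -n "$armor" ] || armor="FILE:$(mktemp /tmp/krb5cc_armor.XXXXXX)" || return 1

    # Step 1: TGT for the host identity, from its keytab, into a separate
    # cache so the user's default cache is left alone.
    run kinit -k -t "$keytab" -c "$armor" "$host" || return 1

    # Step 2: user authentication inside the FAST tunnel armored by that
    # ticket; this is the request where the token is prompted for.
    rc=0
    run kinit -T "$armor" "$user" || rc=$?

    # The armor ticket is only needed for the exchange; drop it afterwards.
    run kdestroy -q -c "$armor"
    return $rc
}

# Usage: otp_kinit alice@EXAMPLE.COM host/client.example.com@EXAMPLE.COM
```

Reading the host keytab normally requires root, so step 1 is usually run by a privileged process on the client.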