2FA with krb5

Ken Hornstein kenh at cmf.nrl.navy.mil
Thu Oct 7 14:35:35 EDT 2021


>I've been running Privacyidea (https://www.privacyidea.org/) for some
>time to manage the tokens. Exposed the Application with RADIUS and told
>FreeIPA to authenticate against RADIUS. Had some rough edges, but was
>usable for me and is able to manage many kinds of tokens. 

So what's the _client_ look like?  Specifically, are you doing FAST-OTP?
If so, what client software are you using?  Does this only work on
systems with host keys, or do you do anonymous PKINIT?

--Ken


More information about the Kerberos mailing list