2FA with krb5
Charles Hedrick
hedrick at rutgers.edu
Fri Oct 15 16:52:56 EDT 2021
We use TOTP. That allows us to tack the token on the end of the password. That makes it easy to fix programs that expect a simple password prompt.
In fact I have a wrapper that can be interposed around pretty much anything use LD_PRELOAD.
https://github.com/clhedrick/kerberos/blob/master/radius-wrap/radius-wrap.c
> On Oct 7, 2021, at 3:16 PM, Russ Allbery <eagle at eyrie.org> wrote:
>
> Ken Hornstein <kenh at cmf.nrl.navy.mil> writes:
>
>> Huh, I _kinda_ thought that if you had FAST going, you got FAST OTP (on
>> the client at least) for free! Which shows what I know. Maybe it works
>> already and you never tested it?
>
> The bit that I suspect doesn't work is all the interactions between the
> prompting and the prompt control options like use_first_pass.
>
> --
> Russ Allbery (eagle at eyrie.org) <https://www.eyrie.org/~eagle/>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list