2FA with krb5
Ken Hornstein
kenh at cmf.nrl.navy.mil
Fri Oct 15 17:49:42 EDT 2021
>We use TOTP. That allows us to tack the token on the end of the
>password. That makes it easy to fix programs that expect a simple
>password prompt.
>
>In fact I have a wrapper that can be interposed around pretty much
>anything use LD_PRELOAD.
>[...]
Well, that answers PART of my question. And I am guessing based on
the README for that you use k5start to generate the FAST armor cache
using the host key in the keytab? But this seems kind of RADIUS
specific; do you use TOTP for people who just use kinit?
--Ken
More information about the Kerberos
mailing list