2FA with krb5

Ken Hornstein kenh at cmf.nrl.navy.mil
Fri Oct 15 17:49:42 EDT 2021


>We use TOTP. That allows us to tack the token on the end of the
>password. That makes it easy to fix programs that expect a simple
>password prompt.
>
>In fact I have a wrapper that can be interposed around pretty much
>anything use LD_PRELOAD.
>[...]

Well, that answers PART of my question.  And I am guessing based on
the README for that you use k5start to generate the FAST armor cache
using the host key in the keytab?  But this seems kind of RADIUS
specific; do you use TOTP for people who just use kinit?

--Ken


More information about the Kerberos mailing list