help with OTP

Matt Zagrabelny mzagrabe at d.umn.edu
Wed Apr 26 11:32:24 EDT 2023


[Probably solved!]

On Wed, Apr 26, 2023 at 10:12 AM Matt Zagrabelny <mzagrabe at d.umn.edu> wrote:
>
> Whoops. Looks like I need:
>
> sudo apt install krb5-pkinit

Fool me once shame on me, fool me twice shame on me!

I also neglected to add the krb5-otp package to the KDC server.

Now I get:

$ kdestroy
$ kinit -n -c /tmp/somecache
$ kinit -T /tmp/somecache
Enter OTP Token Value:
$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: bob at MYDOMAIN.COM

Valid starting       Expires              Service principal
04/26/2023 10:26:41  04/26/2023 20:26:41  krbtgt/MYDOMAIN.COM at MYDOMAIN.COM
        renew until 04/27/2023 10:26:29

This is all on my test system. Still need to try in production, but it
looks, and feels!, pretty good.

Thanks for all the help!

-m



More information about the Kerberos mailing list