hardware preauthentication in krb5-1.3-beta4
Peter Iannarelli
peteri at cryptocard.com
Mon Jul 14 12:00:59 EDT 2003
Hello:
I am attempting to implement CRYPTOCARD hardware preauthentication into
the krb5-1.3-beta4 kdc.
For the most part I have it working just fine, except for two minor issues.
Firstly, when I tested with GRAIL, I am presented a challenge and I enter
my response and all goes well.
I added a new type to the switch statement in sam_get_edata. Its type is
PA_SAM_TYPE_CRYPTOCARD as defined in k5-int.h. When I attempt to get my
ticket, I am prompted to enter my password. After entering a good or bad
password, I am prompted with my challenge. Why am I being prompted to
enter a password? When using GRAIL I am not prompted to enter a password;
I am simply presented a challenge and the response is expected.
Also, if I enter an invalid response in GRAIL, I am presented the
challenge and prompted to enter my response again. When using
PA_SAM_TYPE_CRYPTOCARD, I am not presented that second challenge nor
prompt. I simply get a "kinit(v5): Cannot read password while getting
initial credentials".
Please note: the CRYPTOCARD logic is the same as the GRAIL logic with the
exception of the origin of the challenge and response. If anyone wants to
see the code, just ask.
Any help would be greatly appreciated.
Thanks
Peter Iannarelli