hardware preauthentication in krb5-1.3-beta4

[Ken Hornstein]

>Just a thought, perhaps the challenge should be used as a source of 
>entropy. The user consumable
>portion of the challenge can be augmented with additional randomly 
>generated bytes. This
>approach permits the continued use of a classic hardware token and 
>provides a semi user centric experience.

I don't see how you could do that, since the challenge has to be transmitted
in the clear (there's nothing to encrypt it with).

--Ken