One Time Identification, a request for comments/testing.

Jim Rees rees at
Fri Feb 2 10:05:09 EST 2007

So would it be fair say this is sort of like using a smartcard in that you
need both possession of the token and knowledge of a PIN?  And that the KDC
guards the PIN against brute force guessing, because each guess requires a
transaction against the KDC?  So stealing the token gets the attacker

More information about the krbdev mailing list