krb5-1.9-beta1 is available

Tom Yu tlyu at MIT.EDU
Thu Nov 4 16:21:23 EDT 2010

Tim Alsop <Tim at> writes:

> Hi,
> Is the RA SecurID support based on the SAM protocol, so that
> Kerberos password is still required ?

This is based on the SAM-2 protocol.

> We have supported this for about 10 years in our KDC and find that
> most customers prefer a method which is not using Kerberos password,
> and hence the new RSA OTP draft is preferred.

> I am therefore wondering why a SAM based solution has been chosen ?

The SAM solution is an interim measure to support existing
deployments, and is not our long-term strategy for OTP.  The current
draft draft-ietf-krb-wg-otp-preauth-13 is more promising as a
long-term OTP strategy, because it is intended to work with FAST.

More information about the krbdev mailing list