krb5-1.9-beta1 is available
tlyu at MIT.EDU
Thu Nov 4 16:21:23 EDT 2010
Tim Alsop <Tim at cybersafe.com> writes:
> Is the RA SecurID support based on the SAM protocol, so that
> Kerberos password is still required ?
This is based on the SAM-2 protocol.
> We have supported this for about 10 years in our KDC and find that
> most customers prefer a method which is not using Kerberos password,
> and hence the new RSA OTP draft is preferred.
> I am therefore wondering why a SAM based solution has been chosen ?
The SAM solution is an interim measure to support existing
deployments, and is not our long-term strategy for OTP. The current
draft draft-ietf-krb-wg-otp-preauth-13 is more promising as a
long-term OTP strategy, because it is intended to work with FAST.
More information about the krbdev