krb5-1.9-beta1 is available
Tim at cybersafe.com
Fri Nov 5 05:08:12 EDT 2010
Thanks. I am pleased that it is only considered to be short term solution, but I am wondering if anybody will implement something which is short term and has so many weaknesses.
Our solution is already RSA Certified - just visit http://rsasecured.com and search for Kerberos. Do MIT also plan to get RSA to certify the MIT 1.9 solution ?
From: Tom Yu [mailto:tlyu at mit.edu]
Sent: 04 November 2010 20:21
To: Tim Alsop
Cc: krbdev at MIT.EDU
Subject: Re: krb5-1.9-beta1 is available
Tim Alsop <Tim at cybersafe.com> writes:
> Is the RA SecurID support based on the SAM protocol, so that Kerberos
> password is still required ?
This is based on the SAM-2 protocol.
> We have supported this for about 10 years in our KDC and find that
> most customers prefer a method which is not using Kerberos password,
> and hence the new RSA OTP draft is preferred.
> I am therefore wondering why a SAM based solution has been chosen ?
The SAM solution is an interim measure to support existing deployments, and is not our long-term strategy for OTP. The current draft draft-ietf-krb-wg-otp-preauth-13 is more promising as a long-term OTP strategy, because it is intended to work with FAST.
More information about the krbdev