Project review: OTPOverRadius

Nathaniel McCallum npmccallum at
Mon Dec 17 16:42:15 EST 2012

On Sun, 2012-12-16 at 22:10 -0500, Dmitri Pal wrote:
> On 12/14/2012 10:34 PM, Nathaniel McCallum wrote:
> > The PA-OTP-REQUEST would be matched with the vendor, length, format,
> > algorithm and id fields, eliminating non-matches. Whatever tokens
> > remain, the RADIUS servers for these will be tried. I'm pretty sure that
> > this is strongly implied in the proposal and some basic knowledge of OTP
> > preauth.
> OK though in cases other than testing most likely none of these fields
> will be populated so there would be nothing to match.
> And I realize that knowledge of the OTP preauth is needed though others
> might not so it might make sense to add it as a prerequisite on the page.

The RFC is already referenced at the top of the page. Non-specified
fields always match and this is the only sensible behavior.

More information about the krbdev mailing list