Configuring OTPOverRadius

Cornelius Kölbel cornelius.koelbel at lsexperts.de
Mon Aug 5 11:26:02 EDT 2013


Hello,

I tried to set up a KDC with OTPoverRadius in a lab environment following
http://k5wiki.kerberos.org/wiki/Projects/OTPOverRADIUS.

I checked out the latest commit 7963a951f326c854d2faa5f26827407632c2b496
from August 1st from github.com/krb5/krb5 and compiled from source.

I used the same sources on the client machine, and configured a user
with pre-auth and static password, which works fine.
The otp preauth seemed to have compiled successfully:
    /usr/local/lib/krb5/plugins/preauth/otp.so

Now I wanted to see the preauth against the RADIUS so I added this to my
kdc.conf:

[otp]
DEFAULT = {
        server = 172.16.200.146
        secret = geheim
        strip_realm = true
}

and added the user string:
kadmin.local:  get_strings cornelius
otp: [{}]

But when doing a kinit on the client machine, the KDC still sends an
ERR_PREAUTH_REQUIRED and the user can authenticate with the static
password. No RADIUS traffic.

What is the status of the OTP/Radius plugin?
Did I miss something?

Thanks a lot and kind regards
Cornelius

-- 
Cornelius Kölbel
(Head of Product Management)
http://www.lsexperts.de
LSE Leading Security Experts GmbH, Postfach 100121, 64201 Darmstadt
Tel: +49 6151 86086-252, Fax: -299, Mobile: +49 160 96307089
Registered office: Weiterstadt, District Court Darmstadt: HRB8649
Managing Directors: Oliver Michel, Sven Walther, Dr. Peter Schill

