[37545] in Kerberos
Re: Kerberos and OTP
daemon@ATHENA.MIT.EDU (Laurent.Bastet@i-carre.net)
Wed Jun 29 10:06:41 2016
Message-ID: <5773D5E1.1080400@i-carre.net>
Date: Wed, 29 Jun 2016 16:06:25 +0200
From: <Laurent.Bastet@i-carre.net>
MIME-Version: 1.0
To: kerberos@mit.edu
In-Reply-To: <5762C437.9000700@redhat.com>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Hello Dmitri,
Thanks for your reply, it's working fine now.
Regards
Laurent BASTET
Le 16/06/2016 17:22, �s-bounces@mit.edu)" a écrit :
> On 06/16/2016 10:08 AM, Laurent.Bastet@i-carre.net wrote:
>> Hello all,
>>
>> Can you tell me if it is possible to get a TGT not entering a password,
>> but only using an OTP token ?
>> I found some tutorials on the internet (ie
>> http://web.mit.edu/Kerberos/krb5-1.13/doc/admin/otp.html), but none
>> works, the token is never asked : when I do kinit, only the password is
>> requested, and then I have to make a "kinit -T armor_ccache" for a token
>> been requested.
>>
>> And even if I don't do the command "kinit -T" I can access to machines...
>>
>> Regards,
>>
>> Laurent.
>> ________________________________________________
>> Kerberos mailing list Kerberos@mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>
>>
> OTP feature requires a FAST tunnel that is accomplished by having
> another key and identity on the client for the host.
> Then you first kinit with host and then use it with -T for user
> authentication.
>
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
