[37549] in Kerberos
Re: Kerberos and OTP
daemon@ATHENA.MIT.EDU (Diogenes Jesus)
Thu Jun 30 04:01:50 2016
Mime-Version: 1.0 (1.0)
From: Diogenes Jesus <splash@gmail.com>
In-Reply-To: <5773D5E1.1080400@i-carre.net>
Date: Thu, 30 Jun 2016 10:01:29 +0200
Message-Id: <ED51EF24-C0E9-4674-A2B4-30B0AC1B54D2@gmail.com>
To: Laurent.Bastet@i-carre.net
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Hi Laurent.
Alternatively you can enable anonymous authentication (don't forget to restrict anonymous to only TGT in kdc.conf).
That way it's not required to kinit with host first (you just kinit -n).
Dio
> On 29 Jun 2016, at 16:06, <Laurent.Bastet@i-carre.net> <Laurent.Bastet@i-carre.net> wrote:
>
> Hello Dmitri,
>
> Thanks for your reply, it's working fine now.
>
> Regards
>
> Laurent BASTET
>
> Le 16/06/2016 17:22, �s-bounces@mit.edu)" a écrit :
>> On 06/16/2016 10:08 AM, Laurent.Bastet@i-carre.net wrote:
>>> Hello all,
>>>
>>> Can you tell me if it is possible to get a TGT not entering a password,
>>> but only using an OTP token ?
>>> I found some tutorials on the internet (ie
>>> http://web.mit.edu/Kerberos/krb5-1.13/doc/admin/otp.html), but none
>>> works, the token is never asked : when I do kinit, only the password is
>>> requested, and then I have to make a "kinit -T armor_ccache" for a token
>>> been requested.
>>>
>>> And even if I don't do the command "kinit -T" I can access to machines...
>>>
>>> Regards,
>>>
>>> Laurent.
>>> ________________________________________________
>>> Kerberos mailing list Kerberos@mit.edu
>>> https://mailman.mit.edu/mailman/listinfo/kerberos
>> OTP feature requires a FAST tunnel that is accomplished by having
>> another key and identity on the client for the host.
>> Then you first kinit with host and then use it with -T for user
>> authentication.
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos