[37549] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Kerberos and OTP

daemon@ATHENA.MIT.EDU (Diogenes Jesus)
Thu Jun 30 04:01:50 2016

Mime-Version: 1.0 (1.0)
From: Diogenes Jesus <splash@gmail.com>
In-Reply-To: <5773D5E1.1080400@i-carre.net>
Date: Thu, 30 Jun 2016 10:01:29 +0200
Message-Id: <ED51EF24-C0E9-4674-A2B4-30B0AC1B54D2@gmail.com>
To: Laurent.Bastet@i-carre.net
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit

Hi Laurent. 

Alternatively you can enable anonymous authentication (don't forget to restrict anonymous to only TGT in kdc.conf).

That way it's not required to kinit with host first (you just kinit -n).

Dio

> On 29 Jun 2016, at 16:06, <Laurent.Bastet@i-carre.net> <Laurent.Bastet@i-carre.net> wrote:
> 
> Hello Dmitri,
> 
> Thanks for your reply, it's working fine now.
> 
> Regards
> 
> Laurent BASTET
> 
> Le 16/06/2016 17:22, �s-bounces@mit.edu)" a écrit :
>> On 06/16/2016 10:08 AM, Laurent.Bastet@i-carre.net wrote:
>>> Hello all,
>>> 
>>> Can you tell me if it is possible to get a TGT not entering a password,
>>> but only using an OTP token ?
>>> I found some tutorials on the internet (ie
>>> http://web.mit.edu/Kerberos/krb5-1.13/doc/admin/otp.html), but none
>>> works, the token is never asked : when I do kinit, only the password is
>>> requested, and then I have to make a "kinit -T armor_ccache" for a token
>>> been requested.
>>> 
>>> And even if I don't do the command "kinit -T" I can access to machines...
>>> 
>>> Regards,
>>> 
>>> Laurent.
>>> ________________________________________________
>>> Kerberos mailing list           Kerberos@mit.edu
>>> https://mailman.mit.edu/mailman/listinfo/kerberos
>> OTP feature requires a FAST tunnel that is accomplished by having
>> another key and identity on the client for the host.
>> Then you first kinit with host and then use it with -T for user
>> authentication.
> ________________________________________________
> Kerberos mailing list           Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


home help back first fref pref prev next nref lref last post