[39235] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: help with OTP

daemon@ATHENA.MIT.EDU (Matt Zagrabelny via Kerberos)
Wed Apr 26 11:37:59 2023

MIME-Version: 1.0
In-Reply-To: <CAOLfK3X+3LSdOfA0vpDDiPi3RC7GUb73+jZTYje7sjDfQVu96g@mail.gmail.com>
Date: Wed, 26 Apr 2023 10:32:24 -0500
Message-ID: <CAOLfK3VEGixjZOy4BSsznHFf3KeKr7jynrfFDpLg3o-j3wBfhw@mail.gmail.com>
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
From: Matt Zagrabelny via Kerberos <kerberos@mit.edu>
Reply-To: Matt Zagrabelny <mzagrabe@d.umn.edu>
Cc: kerberos <kerberos@mit.edu>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit

[Probably solved!]

On Wed, Apr 26, 2023 at 10:12 AM Matt Zagrabelny <mzagrabe@d.umn.edu> wrote:
>
> Whoops. Looks like I need:
>
> sudo apt install krb5-pkinit

Fool me once shame on me, fool me twice shame on me!

I also neglected to add the krb5-otp package to the KDC server.

Now I get:

$ kdestroy
$ kinit -n -c /tmp/somecache
$ kinit -T /tmp/somecache
Enter OTP Token Value:
$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: bob@MYDOMAIN.COM

Valid starting       Expires              Service principal
04/26/2023 10:26:41  04/26/2023 20:26:41  krbtgt/MYDOMAIN.COM@MYDOMAIN.COM
        renew until 04/27/2023 10:26:29

This is all on my test system. Still need to try in production, but it
looks, and feels!, pretty good.

Thanks for all the help!

-m

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[39235] in Kerberos

Re: help with OTP

daemon@ATHENA.MIT.EDU (Matt Zagrabelny via Kerberos)Wed Apr 26 11:37:59 2023

daemon@ATHENA.MIT.EDU (Matt Zagrabelny via Kerberos)
Wed Apr 26 11:37:59 2023