[36130] in Kerberos


Re: otp over radius preauthentication

daemon@ATHENA.MIT.EDU (Frederic Van Espen)
Fri May 16 02:51:41 2014

In-Reply-To: <53750FBC.8020303@mit.edu>
Date: Fri, 16 May 2014 08:51:22 +0200
Message-ID: <CAJPacscxAeZrusOUmit-ZbH311gdc1gmvmLQ-sy9TagCoxeXsQ@mail.gmail.com>
From: Frederic Van Espen <frederic.ve@gmail.com>
To: Greg Hudson <ghudson@mit.edu>
Cc: kerberos@mit.edu

> I talked to the author of the OTP KDC plugin about this today, and we
> have only vague conjectures at this point.  We might be able to figure
> out what's going on with a raw packet dump of the kinit exchange from
> the KDC's perspective.  The list server will scrub attachments, but if
> you can send me a raw packet dump privately I will see what I can do.

Of course! For the sake of completeness, I still cc'ed the list. I
attached a pcap trace of the packets that are exchanged. I traced on
both port 88 (krb) and 1812 (radius). Here's what you'll find in the
trace:

- First an anonymous pkinit to obtain the armor ticket
- Then otp preauth.

I did these tests locally on one and the same machine. So the client
machine is the same as the server.

Let me know if there is anything else that could help you.
