[3651] in Kerberos
Re: S/KEY integrated with Kerberos?
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Sat Aug 6 11:07:51 1994
Date: Sat, 6 Aug 94 10:54:09 EDT
From: tytso@MIT.EDU (Theodore Ts'o)
To: tls@panix.com
Cc: kerberos@MIT.EDU
In-Reply-To: Thor Lancelot Simon's message of 6 Aug 1994 01:11:29 -0400,
<31v621$kho@panix3.panix.com>
Date: 6 Aug 1994 01:11:29 -0400
From: tls@panix.com (Thor Lancelot Simon)
Organization: PANIX Public Access Internet and Unix, NYC
Sender: usenet@cam.ov.com
Someone on the skey-users mailing list pointed out that telnetting to
net-dist.mit.edu and hitting return at the password prompt gets an
"ECHO ON for s/key password" prompt.
Does this mean someone's working on adding support for s/key
authentication to Kerberos? I've been rolling the idea around in my
head, but I have some trouble conceptualizing how such a system would
work.
:-) What makes you think that simply because the login program on
net-dist supports S/Key has any relationship to Kerberos?
There have been some thoughts about how you might do it; it would
involve the use of public-key technology, though, and require that you
run a separate S/Key->TGT server on your Kerberos server. We haven't
sat down and seriously designed it though, and it's most probably won't
be appearing in the next beta. :-)
- Ted
