[38303] in Kerberos
Re: Kerberos OTP with RADIUS for kadmin
daemon@ATHENA.MIT.EDU (Robbie Harwood)
Tue Aug 21 10:52:46 2018
From: Robbie Harwood <rharwood@redhat.com>
To: John Devitofranceschi <jdvf@optonline.net>, kerberos@mit.edu
In-Reply-To: <2F560881-6C8F-4C24-BA7F-1D3E921C3E41@optonline.net>
Date: Tue, 21 Aug 2018 10:52:15 -0400
Message-ID: <jlgftz7epr4.fsf@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============2536867821757693082=="
Errors-To: kerberos-bounces@mit.edu
--===============2536867821757693082==
Content-Type: multipart/signed; boundary="=-=-=";
micalg=pgp-sha512; protocol="application/pgp-signature"
--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
John Devitofranceschi <jdvf@optonline.net> writes:
> I=E2=80=99m thinking about securing Kerberos administrative principals
> (*/admin and the like) with OTP using RADIUS.
>
> Will kadmin take kindly to that?=20=20
>
> I have all the parts (RADIUS server, KDC, etc). I just need to glue
> them together, but it would be nice to know first if it=E2=80=99s worth t=
he
> effort.
(FreeIPA supports configuration of OTP/RADIUS for all user principals,
but we don't use the kadmin CLI interface, so I can't speak to this,
sorry.)
Thanks,
=2D-Robbie
--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEA5qc6hnelQjDaHWqJTL5F2qVpEIFAlt8JyAACgkQJTL5F2qV
pEL41g//RTDB/mgGE/lsTDOguqZf6Pn4M3z3tF531Cya1Oxv/sNDeiKsFlx4O8D1
0NN0t7ENWtypDkVtdgVHkJ3mE4F8kCA6f/kgNVnz6anNoTq4obwTezoccGGW8Hpb
AMtC7dlP4L6a2NjcchOtgFY/5AhrFuMFX65AQfe5A4fnytkO29a82B97zLsY3Vek
VaI9dDUCcLcqMAtGoI9lv6ma7oIrj8gglmR1Bl4TSpUyHSwT3z9M6z90JtT2wx/t
QNvd68jg1hFic42lmcUXMT9YElBlZgRszbv8T0D9YjvorW+CpSU74KWoVomq/88h
mJngz1F80MB4otPyCV7gxmsvPF9TwHkkz7/PZ1fEIVNirgvre9GBZKauOZobyz5F
vXo0xMX7dTRfRjJY1jBA19F9faCknEhMfFDu8EafyGoIjULRr0YZTUG2cU2gZYQR
G3beKLoRMplosrjzxGG2R2iwAPgtIH9/LF558PUnvzo3wJRUaWq7Qsh+TSJSh+AM
C7bMQY0Quu0qZQzVNfW9hf02Dm2+uJtUL/4HuXz8vEti/tgIuXIBAcY4j6EmsbUb
QKlPsdnAmo246UC9x0Rs5OB667lA3ZiJGVNLdEdfsY6nbxN8voM5asH1peVk3zaC
PTG4XtHx0s+VXGqcnVyOIAWUsfrfK+1HiaHR9KV5CZNJuAxTRA0=
=Sxnr
-----END PGP SIGNATURE-----
--=-=-=--
--===============2536867821757693082==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============2536867821757693082==--
