[4194] in Kerberos
Re: Kerberos w/ one-time passwords?
daemon@ATHENA.MIT.EDU (Ted Lemon)
Tue Nov 15 14:59:10 1994
To: stripes@uunet.uu.net (Josh Osborne)
Cc: jgs@yurt.merit.edu, kerberos@MIT.EDU
In-Reply-To: Your message of "Tue, 15 Nov 1994 14:09:21 EST."
<QQxqdw26097.199411151909@rodan.UU.NET>
Date: Tue, 15 Nov 1994 11:20:25 -0800
From: Ted Lemon <mellon@ipd.wellsfargo.com>
> Well, let's go with a different situation. I am about to leave town, and
> have arranged access to a terminal room, but either they don't run
> Kerberos, or I don't trust the Kerberos installation. So I want to use
> S/Keys to get back to my office, and will be careful not to look at
> anything too secret, or to _ever_ type a real password.

So you need a login program that will accept s/key passwords. This
actually makes a lot of sense - if you telnet into a machine, you
definitely don't want to type your Kerberos password. So hack telnetd
so that if it doesn't successfully authenticate with Kerberos, it
invokes /bin/login with an argument that tells it to ask for an s/key
password. If the login program is run from a hardwired terminal, it
isn't given that switch, so it authenticates with Kerberos.

Once you've logged in with s/key, you don't have access to network
resources - just to your local machine. Hopefully that's enough to
get you by...
_MelloN_
--
Ted Lemon Wells Fargo Bank, Information Protection Division
mellon@ipd.wellsfargo.com +1 415 477 5045
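
The login decision described in the message above, sketched as an added example (not code from the original post, telnetd, or /bin/login). Assumptions: the names `login`, `skey_switch`, `SKeyEntry` and friends are hypothetical, and the one-time passwords are a simplified Lamport-style hash chain using truncated SHA-256 as a stand-in, so the values are not compatible with real S/Key.

```python
import hashlib
import hmac
from dataclasses import dataclass

def h(data: bytes) -> bytes:
    # Stand-in one-way function (assumption): SHA-256 truncated to 64 bits.
    return hashlib.sha256(data).digest()[:8]

def otp(secret: bytes, seed: bytes, n: int) -> bytes:
    """Client side: the n-th one-time password of the chain."""
    value = h(seed + secret)
    for _ in range(n):
        value = h(value)
    return value

@dataclass
class SKeyEntry:
    # Server-side record: never the secret, only the last accepted value.
    seed: bytes
    count: int
    stored: bytes

def enroll(secret: bytes, seed: bytes, count: int) -> SKeyEntry:
    return SKeyEntry(seed, count, otp(secret, seed, count))

def verify_otp(entry: SKeyEntry, candidate: bytes) -> bool:
    """Accept the candidate only if hashing it once yields the stored value."""
    if entry.count <= 0:
        return False  # chain exhausted, user must re-enroll
    if not hmac.compare_digest(h(candidate), entry.stored):
        return False
    entry.stored = candidate  # a replay of this value now fails
    entry.count -= 1
    return True

def login(entry, kerberos_ok, skey_switch, candidate=None):
    """Return (logged_in, has_network_credentials).

    skey_switch models the argument telnetd passes to the login program
    after Kerberos authentication fails; a hardwired terminal never sets it.
    """
    if kerberos_ok:
        return (True, True)    # Kerberos login: tickets available
    if skey_switch and candidate is not None and verify_otp(entry, candidate):
        return (True, False)   # s/key login: local machine only
    return (False, False)
```
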