[4199] in Kerberos
Re: Kerberos w/ one-time passwords?
daemon@ATHENA.MIT.EDU (Josh Osborne)
Tue Nov 15 18:23:27 1994
From: stripes@uunet.uu.net (Josh Osborne)
To: mellon@ipd.wellsfargo.com (Ted Lemon)
Date: Tue, 15 Nov 1994 18:06:04 -0500 (EST)
Cc: jgs@yurt.merit.edu, kerberos@MIT.EDU
In-Reply-To: <199411151920.LAA25643@rurapenthe.ipd.wellsfargo.com> from "Ted Lemon" at Nov 15, 94 11:20:25 am
[...]
>So you need a login program that will accept s/key passwords. This
>actually makes a lot of sense - if you telnet into a machine, you
>definitely don't want to type your kerberos password. So hack telnetd
>so that if it doesn't successfully authenticate with Kerberos, it
>invokes /bin/login with an argument that tells it to ask for an s/key
>password. If the login program is run from a hardwired terminal, it
>isn't given that switch, so it authenticates with Kerberos.
>
>Once you've logged in with s/key, you don't have access to network
>resources - just to your local machine. Hopefully that's enough to
>get you by...
Nope, can't authinticate to the POP server (and reading mail would be
nice). It would be real nice if some one time password scheme could
be made to work with KV5 (S/Key would be nice because there is allready
a public client implmentation).
