[6843] in Kerberos
Re: Combining Kerberos/DCE with SecureId/SKey authentication
daemon@ATHENA.MIT.EDU (Joe Kovara)
Wed Mar 6 23:11:01 1996
To: kerberos@MIT.EDU
Date: Mon, 04 Mar 1996 19:35:19 GMT
From: joek@CyberSafe.com (Joe Kovara)
lefebvre@dis.anl.gov (William LeFebvre) wrote:
>In article <x63f7t7o4x.fsf@strobe.weeg.uiowa.edu>,
>Ed Hill <edhill@strobe.weeg.uiowa.edu> wrote:
>>How do others solve this problem - do you solve it? In the Kerberos FAQ it
>>mentions that it would be possible to incorporate a challenge-response type of
>>password authentication, but is anyone really working on it. Are there people
>>out there who try to solve this problem? If so how?
>The Cygnus version of Kerberos 4 includes support for authenticating a
>user via an SNK card. So it certainly *can* be done. But who has
>actually done it for either SecureID or S/Key? I don't know.
CyberSafe supports SecurID authentication in V5. We have also submitted a
draft RFC to extend the K5 protocol in a standard way to accomodate arbitrary
secondary authentication and one-time-passcodes (of which SecureID and
S/Key are examples). There was also interest by some in the DCE community to
incorporate our extensions into DCE; I do not know what the state of that work
is.
Joe Kovara / Director of Engineering / CyberSafe Corp.
1605 NW Sammamish Road, Suite 310 / Issaquah, WA 98027
joek@cybersafe.com / 206-391-6000 (phone) / 206-391-0508 (fax)
