[6847] in Kerberos
Re[2]: Combining Kerberos/DCE with SecureId/SKey authentication
daemon@ATHENA.MIT.EDU (Brian Murrell)
Thu Mar 7 12:54:36 1996
From: Brian Murrell <murrell@bctel.net>
Date: Thu, 7 Mar 1996 09:36:52 -0800 (PST)
To: joek@CyberSafe.com
Cc: kerberos@MIT.EDU
In-Reply-To: <4hfgl8$97e@kerby.ocsg.com>
from the quill of joek@CyberSafe.com (Joe Kovara) on scroll
<4hfgl8$97e@kerby.ocsg.com>
> CyberSafe supports SecurID authentication in V5.
From what I understand however, one enters both the securid passcode AND a
kerberos key. This still makes the KDC a target, not to mention having
crank in two secrets when doing a kinit. What I would like to see is that
securid be used as the authenticator at the kdc. That way the kdc holds no
valuable information, and I just have to remember my PIN.
> We have also submitted a
> draft RFC to extend the K5 protocol in a standard way to accomodate
> arbitrary
> secondary authentication and one-time-passcodes (of which SecureID and
> S/Key are examples). There was also interest by some in the DCE
> community to
> incorporate our extensions into DCE; I do not know what the state of
> that work
> is.
b.
--
Brian J. Murrell murrell@bctel.net
BCTel Advanced Communications brian@ilinx.com
Vancouver, B.C. brian@wimsey.com
604 454 5279
