[16072] in Kerberos_V5_Development
Re: Pre-authentication with SecurID
daemon@ATHENA.MIT.EDU (Russ Allbery)
Wed Aug 18 20:07:34 2010
From: Russ Allbery <rra@stanford.edu>
To: "krbdev\@mit.edu" <krbdev@mit.edu>
In-Reply-To: <05EC5497-1058-4C18-B155-6BF3D5C2B6B0@jpl.nasa.gov> (Henry
B. Hotz's message of "Wed, 18 Aug 2010 16:14:48 -0700")
Date: Wed, 18 Aug 2010 17:07:31 -0700
Message-ID: <8762z7a2ik.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
"Henry B. Hotz" <hotz@jpl.nasa.gov> writes:
> In order to actually use the OTP during a login you will need to modify
> the login process on the machines in question. Specifically you want to
> use the local host keytab to get a tgt to initialize the FAST exchange
> for the user. Most likely this means extra features for pam_krb5. I'm
> sure Russ Albery would be receptive of patches to his pam_krb5, but he
> had not received any the last I asked him.
Sam Hartman sent me patches to support FAST, which have been included in
pam-krb5 4.3.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
