[16446] in Kerberos_V5_Development
Re: krb5-1.9-beta1 is available
daemon@ATHENA.MIT.EDU (Tom Yu)
Thu Nov 4 16:21:29 2010
To: Tim Alsop <Tim@cybersafe.com>
From: Tom Yu <tlyu@mit.edu>
Date: Thu, 04 Nov 2010 16:21:23 -0400
In-Reply-To: <1A136DCE57F98F4B8BAB5FFC69C8E6DAD116D97DD9@exchange.cybersafe.local>
(Tim Alsop's message of "Thu, 4 Nov 2010 20:13:57 +0000")
Message-ID: <ldvwrosc01o.fsf@cathode-dark-space.mit.edu>
MIME-Version: 1.0
Cc: "krbdev@MIT.EDU" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
Tim Alsop <Tim@cybersafe.com> writes:
> Hi,
>
> Is the RA SecurID support based on the SAM protocol, so that
> Kerberos password is still required ?
This is based on the SAM-2 protocol.
> We have supported this for about 10 years in our KDC and find that
> most customers prefer a method which is not using Kerberos password,
> and hence the new RSA OTP draft is preferred.
> I am therefore wondering why a SAM based solution has been chosen ?
The SAM solution is an interim measure to support existing
deployments, and is not our long-term strategy for OTP. The current
draft draft-ietf-krb-wg-otp-preauth-13 is more promising as a
long-term OTP strategy, because it is intended to work with FAST.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
