[16450] in Kerberos_V5_Development
RE: krb5-1.9-beta1 is available
daemon@ATHENA.MIT.EDU (Tim Alsop)
Fri Nov 5 08:59:54 2010
From: Tim Alsop <Tim@cybersafe.com>
To: Tom Yu <tlyu@mit.edu>
Date: Fri, 5 Nov 2010 09:08:12 +0000
Message-ID: <1A136DCE57F98F4B8BAB5FFC69C8E6DAD116D97DDF@exchange.cybersafe.local>
In-Reply-To: <ldvwrosc01o.fsf@cathode-dark-space.mit.edu>
Cc: Tim Alsop <tim@cybersafe.com>, "krbdev@MIT.EDU" <krbdev@mit.edu>
Tom,
Thanks. I am pleased that it is only considered to be a short-term solution, but I am wondering if anybody will implement something which is short term and has so many weaknesses.
Our solution is already RSA Certified - just visit http://rsasecured.com and search for Kerberos. Do MIT also plan to get RSA to certify the MIT 1.9 solution?
Take care,
Tim
-----Original Message-----
From: Tom Yu [mailto:tlyu@mit.edu]
Sent: 04 November 2010 20:21
To: Tim Alsop
Cc: krbdev@MIT.EDU
Subject: Re: krb5-1.9-beta1 is available
Tim Alsop <Tim@cybersafe.com> writes:
> Hi,
>
> Is the RSA SecurID support based on the SAM protocol, so that Kerberos
> password is still required?
This is based on the SAM-2 protocol.
> We have supported this for about 10 years in our KDC and find that
> most customers prefer a method which is not using Kerberos password,
> and hence the new RSA OTP draft is preferred.
> I am therefore wondering why a SAM-based solution has been chosen?
The SAM solution is an interim measure to support existing deployments, and is not our long-term strategy for OTP. The current draft draft-ietf-krb-wg-otp-preauth-13 is more promising as a long-term OTP strategy, because it is intended to work with FAST.