[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Kerberos tickets and one time passwords


for some reason we need a (telnet) login with one time passwords. The
problem is, that you don't get a kerberos ticket with the telnet supplied
with heimdal. Users have to do klog to work on their AFS home directories,
so the clear password is transmitted over the network.

I thought of modifying the telnetd source to let it automatically do a
kinit. The keys of those users are stored in a keytab file on the telnet
server. All I have to do is something like "kinit -k -t <keytab file>"
after the user logged in properly with his one time password.

Is this a good solution or are there better ways to solve this problem?
How about the security? As long as the server won't be compromised this
should be a secure way, shouldn't it?

Thanks in advance

Andreas Haupt         E-Mail: ahaupt@ifh.de
 DESY Zeuthen
 Platanenallee 6
 15738 Zeuthen