[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Kerberos tickets and one time passwords
for some reason we need a (telnet) login with one time passwords. The
problem is, that you don't get a kerberos ticket with the telnet supplied
with heimdal. Users have to do klog to work on their AFS home directories,
so the clear password is transmitted over the network.
I thought of modifying the telnetd source to let it automatically do a
kinit. The keys of those users are stored in a keytab file on the telnet
server. All I have to do is something like "kinit -k -t <keytab file>"
after the user logged in properly with his one time password.
Is this a good solution or are there better ways to solve this problem?
How about the security? As long as the server won't be compromised this
should be a secure way, shouldn't it?
Thanks in advance
Andreas Haupt E-Mail: firstname.lastname@example.org