[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Kerberos tickets and one time passwords
Another idea is to use PAM, if your system supports it! then you won't
even have to modify login/telnetd. A pam session module could run kinit
and then afslog or aklog only after the one time password is accepted.
> OK. This place looks better somehow.
> > Why not just modify the users login scripts though?
> Because those script are in AFS and without a token they cannot be read.
> The keytab file should also only be readable by the user telnet runs with,
> not by the user itself.
> Andreas Haupt E-Mail: firstname.lastname@example.org
> DESY Zeuthen
> Platanenallee 6
> 15738 Zeuthen