[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kerberos tickets and one time passwords

Another idea is to use PAM, if your system supports it! then you won't 
even have to modify login/telnetd. A pam session module could run kinit 
and then afslog or aklog only after the one time password is accepted.


> OK. This place looks better somehow.
> > Why not just modify the users login scripts though?
> Because those script are in AFS and without a token they cannot be read.
> The keytab file should also only be readable by the user telnet runs with,
> not by the user itself.
> Thanks.
> Andreas
> -- 
> Andreas Haupt         E-Mail: ahaupt@ifh.de
>  DESY Zeuthen
>  Platanenallee 6
>  15738 Zeuthen