[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kerberos tickets and one time passwords

To: Andreas Haupt <ahaupt@ifh.de>
Subject: Re: Kerberos tickets and one time passwords
From: Onime Clement <onime@ictp.trieste.it>
Date: Fri, 28 Feb 2003 10:57:24 +0100 (CET)
cc: Brian May <bam@snoopy.apana.org.au>, <heimdal-discuss@sics.se>
In-Reply-To: <Pine.LNX.4.51.0302281020110.15855@juno.ifh.de>
Sender: owner-heimdal-discuss@sics.se


Another idea is to use PAM, if your system supports it! then you won't 
even have to modify login/telnetd. A pam session module could run kinit 
and then afslog or aklog only after the one time password is accepted.

Clement

> OK. This place looks better somehow.
> 
> > Why not just modify the users login scripts though?
> 
> Because those script are in AFS and without a token they cannot be read.
> The keytab file should also only be readable by the user telnet runs with,
> not by the user itself.
> 
> Thanks.
> Andreas
> 
> -- 
> Andreas Haupt         E-Mail: ahaupt@ifh.de
>  DESY Zeuthen
>  Platanenallee 6
>  15738 Zeuthen
>

Follow-Ups:
- Re: Kerberos tickets and one time passwords
  - From: Andreas Haupt <ahaupt@ifh.de>

References:
- Re: Kerberos tickets and one time passwords
  - From: Andreas Haupt <ahaupt@ifh.de>

Prev by Date: Re: Kerberos tickets and one time passwords
Next by Date: Re: Kerberos tickets and one time passwords
Prev by thread: Re: Kerberos tickets and one time passwords
Next by thread: Re: Kerberos tickets and one time passwords
Index(es):
- Date
- Thread