[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Kerberos tickets and one time passwords
On Mon, 10 Mar 2003, Daniel Kouril wrote:
> (sorry for the delay, I was on vacation last week)
> We have developed a service for "transformation" of OTP's to krb5 tickets,
> it's based on SASL and krb525 mechanisms. This way we are able to create krb5
> tickets for users authenticated via OTP without requiring the users to store
> their keys into keytabs. We also adapted the libotp library from Heimdal to
> support this service, so only relinking of the login program (which supports
> OTP authentication) is needed. I could provide you with more information and
> source code if you are interested.
This sounds very interesting! But how does it work? Are the otps derived
from the user's key?
BTW: I solved this problem on my own (the tip with PAM was great). I wrote
a PAM module that creates the credentials by the use of a keytab file
after the user is authenticated (by the pam s/key module).
Thank you all.
Andreas Haupt E-Mail: email@example.com