Re: Kerberos tickets and one time passwords

[Andreas Haupt <ahaupt@ifh.de>]

On Mon, 10 Mar 2003, Daniel Kouril wrote:

> (sorry for the delay, I was on vacation last week)
> We have developed a service for "transformation" of OTP's to krb5 tickets,
> it's based on SASL and krb525 mechanisms. This way we are able to create krb5
> tickets for users authenticated via OTP without requiring the users to store
> their keys into keytabs. We also adapted the libotp library from Heimdal to
> support this service, so only relinking of the login program (which supports
> OTP authentication) is needed. I could provide you with more information and
> source code if you are interested.

This sounds very interesting! But how does it work? Are the otps derived
from the user's key?

BTW: I solved this problem on my own (the tip with PAM was great). I wrote
a PAM module that creates the credentials by the use of a keytab file
after the user is authenticated (by the pam s/key module).

Thank you all.

-- 
Andreas Haupt         E-Mail: ahaupt@ifh.de
 DESY Zeuthen
 Platanenallee 6
 15738 Zeuthen