Kerberos tickets and one time passwords
Hello,
for some reason we need a (telnet) login with one-time passwords. The
problem is that you don't get a Kerberos ticket with the telnet supplied
with Heimdal. Users have to do klog to work on their AFS home directories,
so the clear password is transmitted over the network.
I thought of modifying the telnetd source to let it automatically do a
kinit. The keys of those users are stored in a keytab file on the telnet
server. All I have to do is something like "kinit -k -t <keytab file>"
after the user has logged in properly with his one-time password.
Is this a good solution or are there better ways to solve this problem?
How about the security? As long as the server isn't compromised this
should be a secure way, shouldn't it?
Thanks in advance
Andreas
--
Andreas Haupt E-Mail: ahaupt@ifh.de
DESY Zeuthen
Platanenallee 6
15738 Zeuthen