Re: Adding Support for External (One Time) Passwords
Henry B. Hotz wrote:
> . . . like OTP's. I know the top entry points. I can find the right
> openssl routines and set breakpoints to get the whole call stack to find
> where the relevant code paths are.
>
> . . . but I expect it's also useful to ask for advice and pointers
> here. If the password (keys) aren't in the KDC's DB, but somewhere
> else, where do I need to hook in?
>
> I'm thinking of some code that gets activated if the hw-preauth flag is
> set in the DB. Where does it go? Hmmm.
>
> Maybe it really goes inside the HDB stuff, and it "makes up" a set of
> keys when the record is read? But does the system read a record more
> than once per request? (If so then by definition of "one time password"
> it gets a different answer the second time.)
>
> Anybody care to stream-of-consciousness some comments?
tomorrow, I am off to play some golf, it's 80 degrees out and maybe the last good day.
>
> Note: I am not talking about a draft-ietf-krb-wg-kerberos-sam-03.txt,
> or any of the other OTP proposals. I'm talking about an actual password
> that just happens to be determined by some external system.
>
> ------------------------------------------------------------------------
> The opinions expressed in this message are mine,
> not those of Caltech, JPL, NASA, or the US Government.
> Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
>
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444