Douglas Song writes:
> On Tue, 30 Jul 1996, Michel Loyer wrote:
>
> > Does anyone know how to merge S/KEY authentication and AFS
> > authentication?
>
> Cliff Neuman and Glen Zorn recently published an internet draft to
> incorporate S/Key and other OTP schemes into Kerberos V5 using existing
> preauthentication methods (draft-ietf-cat-kerberos-passwords-02.txt). I
> don't know that anyone's tried implementing it yet, but I will probably
> give it a try soon.
>
> I don't know that there would be an easy way to incorporate S/Key into
> Kerberos V4 (what AFS uses) since it lacks the preauthentication exchanges
> that can be used to do challenge/response. If anyone has any ideas on how
> else to do this, I'd love to hear them...
Sure, use Kerberos 5 to get the TGT, then use the ak5log program to get
a K5 ticket for AFS which gets converted to a K4 ticket/token using
krb524d. This approach basically replaces the kaserver and its
database and treats AFS services as another K5 application. See the
mods to k5b6 and a modified ak5log to do this at
ftp://achilles.ctd.anl.gov/pub/kerberos.v5
We are doing this using the DCE security server as the K5 KDC, but the
code should also work with the K5b6 KDC as well.
>
> ---
> Douglas Song dugsong@{umich.edu,monkey.org}
> University of Michigan ITD GPCC Unix Services
> www: http://www-personal.umich.edu/~dugsong
> keyid: C2263445 fingerprint: BF F5 20 EA DA 2F C4 F4 7D 68 4A 50 E4 35 D1 17
>
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(708) 252-5444
PGP Key fingerprint = 20 2B 0C 78 43 8A 9C A6 29 F7 A3 6D 5E 30 A6 7F