Gopal, It is not easy, but once it is done you get a nice solution - see below :
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gopal Paliwal Sent: 25 July 2007 21:31 To: [email protected] Subject: Implementing OTP mechanism with existing kerberos Hi, I am implementing OTP mechanism in the existing kerberos. I have set up pre-auth mechanism to authenticate the clients. Now, the user will be asked password+OTP instead of just password. i will be generating this OTP with a hardware token. Also, i will be encrypting time-stamp with password & OTP. At the kerberos authentication server, I will be able to generate a OTP. Now, the problem which I will face is that kerberos doesn't store passwords in clear form. & I somehow need to form a key at kerberos authentication server side to decrypt the time-stamp sent in the AS_REQ message by user. That key will be made up of OTP + password. Can someone point me out the mechanism as to how can I obtain password in clear form or other way with which I will be able to resolve my doubt. -gopal ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
