Gopal Paliwal wrote:
> Hi,
>
> I am implementing an OTP mechanism in the existing Kerberos.
> I have set up a pre-auth mechanism to authenticate the clients.
> Now, the user will be asked for password+OTP instead of just the password. I will be
> generating this OTP with a hardware token.
>
> Also, I will be encrypting the time-stamp with the password & OTP.
> At the Kerberos authentication server, I will be able to generate an OTP.
>
> Now, the problem which I will face is that Kerberos doesn't store passwords
> in clear form, & I somehow need to form a key at the Kerberos authentication
> server side to decrypt the time-stamp sent in the AS_REQ message by the user.
> That key will be made up of OTP + password.
> Can someone point out to me the mechanism by which I can obtain the password in
> clear form, or another way with which I will be able to resolve my doubt?
>

Google for IETF Kerberos OTP and start with
http://www.ietf.org/internet-drafts/draft-richards-otp-kerberos-03.txt
This covers a lot of the issues; it is not an easy problem.

> -gopal
> ________________________________________________
> Kerberos mailing list [email protected]
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>

--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
