Grant Taylor <[email protected]> writes: > On 1/8/19 6:02 PM, Robbie Harwood wrote: > >> Also! 2FA will mitigate this concern somewhat as well. > > I was wondering about 2nd factor authentication. I have a YubiKey > that's waiting for my attention. > > Would I be correct in assuming that (from a Kerberos point of view) > the 1st and 2nd factors are used during the kinit process? Meaning > that all of the SSO functions still work unimpeded?
Correct. As an additional note, second factors (and PKINIT etc.) can set what we call auth indicators: http://web.mit.edu/kerberos/krb5-latest/doc/admin/auth_indicator.html Applications can use these to mandate certain authentication properties (e.g., used 2fa) on requests. Thanks, --Robbie
signature.asc
Description: PGP signature
________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
