On Mon, Jun 04, 2007 at 02:38:20PM -0700, Peter Eriksson wrote:
> Anyone working on implementing One Time Passwords for Kerberos?
>
> (For example based on this draft:
> http://www.ietf.org/internet-drafts/draft-richards-otp-kerberos-02.txt)

No, nor should anyone be implementing it yet. The IETF KRB WG is very likely to encourage the authors to pursue a different approach -- ironically, one that is more similar to their original approach that the WG told them not to pursue. The new approach will likely depend on tunneling the OTP exchanges over a TLS or PKINIT tunnel with or without server certs.

Nico
--