On Jun 4, 2007, at 2:38 PM, Peter Eriksson wrote: > Anyone working on implementing One Time Passwords for Kerberos? > > (For example based on this draft: http://www.ietf.org/internet- > drafts/draft-richards-otp-kerberos-02.txt)
There are deployed implementations based on some other drafts. I know NRL has deployed some stuff based on draft-ietf-krb-wg-kerberos- sam-03.txt. AFAIK nothing based on this one. IMO the interesting technical problem w.r.t. OTP is how you create intra-kdc state so a password can't be sniffed and re-used with a different KDC. You need to do this in a way that does not degrade the robustness of the service. ------------------------------------------------------------------------ The opinions expressed in this message are mine, not those of Caltech, JPL, NASA, or the US Government. Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
