On Tue, Sep 16, 2014 at 9:06 PM, Ray Van Dolson <rvandol...@esri.com> wrote:
> - Administrators need some sort of two-factor authentication to obtain > a valid Kerberos ticket (when they log in to Windows for example). > One way to do this is using preauth based on a token (think Google Authenticator or RSA soft tokens) instead of the standard mechanism (encrypting a timestamp with the normal password). PKINIT may also figure into it if you're looking to avoid all use of traditional passwords. That said, I don't know if or how well AD supports either. -- brandon s allbery kf8nh sine nomine associates allber...@gmail.com ballb...@sinenomine.net unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net
_______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
