Date: Wed, 22 Aug 2001 12:52:38 -0400 (EDT) From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> To: Dave Ryan <dave.ryan@eircom.net> Cc: freebsd-security@FreeBSD.ORG Subject: kerberosV - SecurID Message-ID: <200108221652.f7MGqco61050@khavrinen.lcs.mit.edu> In-Reply-To: <20010822174157.A28071@alpha.eng.eircom.net> References: <3B83A8BC.BCF790A0@karolinelund.dk> <20010822140020.A1911@alpha.eng.eircom.net> <200108221628.f7MGSud60744@khavrinen.lcs.mit.edu> <20010822174157.A28071@alpha.eng.eircom.net>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Wed, 22 Aug 2001 17:41:57 +0100, Dave Ryan <dave.ryan@eircom.net> said: > Does anyone know if RSA Securid OTP's are used anywhere to enhance the ticket > granting phase of a kerberos authentication sequence? Yes. I believe one of the USDOE-funded National Labs is doing so. The process is called ``preauthentication'' in Kerberos terminology. A principal whose REQUIRES_PREAUTH flag is set in the KDC's database must prove to the KDC's satisfaction that it is who it claims to be before the KDC will issue a TGT. (The principal still must have a password which is used as the decryption key for the TGT.) -GAWollman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200108221652.f7MGqco61050>