From owner-freebsd-security Wed Aug 22 15:57:14 2001 Delivered-To: freebsd-security@freebsd.org Received: from smtp-1.enteract.com (smtp-1.enteract.com [207.229.143.33]) by hub.freebsd.org (Postfix) with ESMTP id 36C2237B409 for ; Wed, 22 Aug 2001 15:57:05 -0700 (PDT) (envelope-from tez@enteract.com) Received: from shell-1.enteract.com (shell-1.enteract.com [207.229.143.40]) by smtp-1.enteract.com (Postfix) with ESMTP id 8F0667E29; Wed, 22 Aug 2001 17:57:04 -0500 (CDT) Date: Wed, 22 Aug 2001 17:57:04 -0500 (CDT) From: Tim Zingelman Reply-To: tez@enteract.com To: freebsd-security@FreeBSD.ORG Cc: Dave Ryan Subject: Re: kerberosV - SecurID Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, 22 Aug 2001, Dave Ryan wrote: > Does anyone know if RSA Securid OTP's are used anywhere to enhance the > ticket granting phase of a kerberos authentication sequence? The place I work uses hardware challenge/response tokens from www.cryptocard.com integrated into our (MIT based) kdc. If you are coming from a non-kerberos aware location (ie. you have no ticket), you are challenged with a code that you type into the card and use the response as a one time password. The cards also require a PIN number to operate. None of our machines are supposed to accept a password except at the console. - Tim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message