On 06/16/2016 10:08 AM, laurent.bas...@i-carre.net wrote: > Hello all, > > Can you tell me if it is possible to get a TGT not entering a password, > but only using an OTP token ? > I found some tutorials on the internet (ie > http://web.mit.edu/Kerberos/krb5-1.13/doc/admin/otp.html), but none > works, the token is never asked : when I do kinit, only the password is > requested, and then I have to make a "kinit -T armor_ccache" for a token > been requested. > > And even if I don't do the command "kinit -T" I can access to machines... > > Regards, > > Laurent. > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > > OTP feature requires a FAST tunnel that is accomplished by having another key and identity on the client for the host. Then you first kinit with host and then use it with -T for user authentication.
-- Thank you, Dmitri Pal Engineering Director, Identity Management and Platform Security Red Hat, Inc. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
