On 08/26/2016 04:38 PM, Diogenes Jesus wrote:
>
>> I was able to configure a krb5-1.14.2 KDC to use FAST OTP with an RSA
>> Authentication Manager Radius server.
>>
>> I have a couple of questions:
>>
>>
>> · FAST requires an existing ticket cache. If you need a TGT to get
>> a FAST OTP TGT how do you do that?
> One way is to enable Anonymous support
> (http://k5wiki.kerberos.org/wiki/Anonymous_kerberos) - DON'T forget to
> restrict anonymous to tgt only on your kdcs!
>
> Dio
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>

OK, you can use the host key to armor the FAST tunnel for a client system if your host is also a part of the Kerberos realm.
You can check the FreeIPA project; there all these pieces are integrated and automated.

-- 
Thank you,
Dmitri Pal

Engineering Director, Identity Management and Platform Security
Red Hat, Inc.
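
An added example, not part of the thread: a check for the caveat quoted above, listing realms in a kdc.conf where anonymous principals are not restricted to TGT requests. It assumes the MIT krb5 relation `restrict_anonymous_to_tgt` (in a realm block or `[kdcdefaults]`); the sample config and realm names are constructed, and the parser is a simplified one that ignores include directives and nested sub-blocks.

```python
import re

KEY = "restrict_anonymous_to_tgt"
TRUE_VALUES = {"y", "yes", "true", "t", "1", "on"}  # boolean spellings krb5 accepts

# Constructed sample kdc.conf; realm names are made up for this example.
SAMPLE_KDC_CONF = """\
[kdcdefaults]
    kdc_ports = 88
[realms]
    EXAMPLE.COM = {
        restrict_anonymous_to_tgt = true
    }
    LAB.EXAMPLE.COM = {
        # anonymous PKINIT enabled for FAST armor, restriction forgotten
        max_life = 10h
    }
"""

def parse_kdc_conf(text):
    """Simplified parse: returns ([kdcdefaults] relations, {realm: relations})."""
    defaults, realms, section, block = {}, {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:                                # new section header
            section, block = m.group(1), None
        elif line == "}":                    # end of a realm block
            block = None
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if block is not None:            # relation inside a realm block
                block[key] = value
            elif section == "realms" and value == "{":
                block = realms.setdefault(key, {})
            elif section == "kdcdefaults":
                defaults[key] = value
    return defaults, realms

def unrestricted_realms(text):
    """Realms where anonymous principals may request more than a TGT."""
    defaults, realms = parse_kdc_conf(text)
    fallback = defaults.get(KEY, "false")    # the KDC's built-in default is false
    return sorted(name for name, rel in realms.items()
                  if rel.get(KEY, fallback).lower() not in TRUE_VALUES)

if __name__ == "__main__":
    print(unrestricted_realms(SAMPLE_KDC_CONF))
```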