On 08/16/2018 06:41 PM, John Devitofranceschi wrote: > I’m thinking about securing Kerberos administrative principals (*/admin and > the like) with OTP using RADIUS. > > Will kadmin take kindly to that?
I believe it should be fine. We don't test that particular combination as far as I know, but we do test kadmin with anonymous PKINIT. I checked the code and it uses the appropriate interface to be able to prompt for an OTP code as well as the password. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
