BuzzSaw Code <buzzsaw.c...@gmail.com> writes:

> We want the full OTP+password string just passed without modification.

Ah, okay, so then in theory the problem could be solved entirely within
the Kerberos libraries, although I haven't wrapped my mind around the
problem Greg identified.

> It would also be nice if when we use
> try_first_pass/use_first_pass/force_first_pass options with pam_krb5
> that it actually did that in the OTP case without the extra prompt.
> no_prompt doesn't help as the password doesn't stay on the stack.

I'm assuming this is because the Kerberos library doesn't think that the
passed-in password can be sent after the FAST negotiation and therefore
re-prompts internally? I'm not sure I entirely understand the logic flow
here.

--
Russ Allbery (ea...@eyrie.org) <https://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos