Re: help with OTP

From: mzagr...@d.umn.edu (Matt Zagrabelny)
Newsgroups: comp.protocols.kerberos
Subject: Re: help with OTP
Date: Fri, 5 Jan 2024 08:31:44 -0600
Cc: kerberos <kerberos@mit.edu>
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
 by: Matt Zagrabelny - Fri, 5 Jan 2024 14:31 UTC

On Wed, Apr 26, 2023 at 11:41 AM Matt Zagrabelny <mzagrabe@d.umn.edu> wrote:

> On Wed, Apr 26, 2023 at 11:29 AM Ken Hornstein <kenh@cmf.nrl.navy.mil> wrote:
>
>
> > It does occur to me a useful addition to kinit might be a flag that
> > means "authenticate using anonymous PKINIT and then use those
> > credentials as a FAST armour credential cache" so you wouldn't have
> > to muck around with juggling credential caches.
>
> That would be great and would eliminate an impending shell alias for me:
>
> alias kinit-otp='kinit -n -c /tmp/somecache; kinit -T /tmp/somecache'
>

Krb5 devs,

Any thoughts about extending kinit to natively perform the two-step process
in the alias above? (And also have an option in /etc/krb5.conf so that it
is "on" by default?)

Maybe:

kinit --anonymous-cache-credentials

[libdefaults]
anonymous-cache-credentials = true

Thanks for the consideration!

-m
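
The two-step process from the alias above, written as a shell function; this is an added example, not part of the original post or of krb5. The function name `kinit_otp` and the `krb5armor.XXXXXX` template are assumptions; it swaps the fixed `/tmp/somecache` for a private `mktemp -d` directory, runs the second `kinit` only if the anonymous one succeeded, and destroys the armor cache afterwards.

```shell
#!/bin/sh
# kinit_otp PRINCIPAL (hypothetical helper name)
# Step 1: anonymous PKINIT into a throwaway armor cache (kinit -n -c).
# Step 2: kinit for PRINCIPAL using that cache as FAST armor (kinit -T).
kinit_otp() {
    principal=$1
    [ -n "$principal" ] || { echo "usage: kinit_otp principal" >&2; return 2; }

    # A fixed name such as /tmp/somecache is predictable: another local user
    # could pre-create or symlink it. mktemp -d gives a mode-0700 directory
    # with an unpredictable name, so the armor cache is private to this user.
    armor_dir=$(mktemp -d "${TMPDIR:-/tmp}/krb5armor.XXXXXX") || return 1
    armor_cc="FILE:$armor_dir/cc"

    # '&&' instead of ';' so the armored request is never attempted against
    # a missing or stale armor cache; rc keeps the status of whichever step failed.
    rc=0
    kinit -n -c "$armor_cc" && kinit -T "$armor_cc" "$principal" || rc=$?

    # The anonymous ticket is only needed as armor; remove it either way.
    kdestroy -q -c "$armor_cc" 2>/dev/null || :
    rm -rf "$armor_dir"
    return "$rc"
}
```

The user's own tickets still land in the default credential cache, because only the anonymous step is given `-c`.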
