Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

Stupidity, like virtue, is its own reward.


devel / comp.protocols.kerberos / Re: help with OTP

SubjectAuthor
o Re: help with OTPKen Hornstein

1
Re: help with OTP

<mailman.2.1704466962.2322.kerberos@mit.edu>

 copy mid

https://www.novabbs.com/devel/article-flat.php?id=453&group=comp.protocols.kerberos#453

 copy link   Newsgroups: comp.protocols.kerberos
Path: i2pn2.org!i2pn.org!news.1d4.us!news.quux.org!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail
From: ken...@cmf.nrl.navy.mil (Ken Hornstein)
Newsgroups: comp.protocols.kerberos
Subject: Re: help with OTP
Date: Fri, 05 Jan 2024 10:02:27 -0500
Organization: TNet Consulting
Lines: 16
Message-ID: <mailman.2.1704466962.2322.kerberos@mit.edu>
References: <CAOLfK3WVppnk3eouiLTxhiR5gXQcCVd7K5xr_erP=y_RkeVpPw@mail.gmail.com>
<202304242225.33OMPJdw026540@hedwig.cmf.nrl.navy.mil>
<CAOLfK3XZF95-XoaW8y8cMrMETpWQNV-=EEkMyreo18WXH5M3sg@mail.gmail.com>
<CAJhaRZ+wc0N_YX06jdsh8iHTSn1dJoH3bn6q6Mm0V35h-8FARg@mail.gmail.com>
<CAOLfK3Xs9X25-jY+GjXqmNEOYbSNSVMXdBojX=k28FWqenWG+A@mail.gmail.com>
<CAJhaRZJP+Cz0RkSyOaWmjH5UHjye43k7B9G=dRechpN3Ad4qXg@mail.gmail.com>
<CAOLfK3VOZSNFhpkSKy5XsaA2mFUDVCGdjjZdna_O8M2RaAZPyw@mail.gmail.com>
<202304260001.33Q01xYH024064@hedwig.cmf.nrl.navy.mil>
<CAOLfK3X+3LSdOfA0vpDDiPi3RC7GUb73+jZTYje7sjDfQVu96g@mail.gmail.com>
<202304261629.33QGTlJ8015728@hedwig.cmf.nrl.navy.mil>
<CAOLfK3XRaYoT+NgbjDCbEaKow36QpTjrFrjGO-jGW96=7z9u_A@mail.gmail.com>
<CAOLfK3U9K+htja6eUzuwisSOQ6SnJSz3bDejaLvKE8b8o8rGZQ@mail.gmail.com>
<202401051502.405F2RA8011173@hedwig.cmf.nrl.navy.mil>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Injection-Info: tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50";
logging-data="17447"; mail-complaints-to="newsmaster@tnetconsulting.net"
Cc: kerberos <kerberos@mit.edu>
To: Matt Zagrabelny <mzagrabe@d.umn.edu>
DKIM-Filter: OpenDKIM Filter v2.11.0 unknown-host (unknown-jobid)
Authentication-Results: mailman.mit.edu;
dkim=pass (1024-bit key, unprotected) header.d=mitprod.onmicrosoft.com
header.i=@mitprod.onmicrosoft.com header.a=rsa-sha256
header.s=selector2-mitprod-onmicrosoft-com header.b=st98YUxb;
dkim=pass (2048-bit key,
unprotected) header.d=nrl.navy.mil header.i=@nrl.navy.mil header.a=rsa-sha256
header.s=s2.dkim header.b=TsLelows
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=l5EZPErTc8X2Nc6VO4MkfOF5s/hyZO+apbXPApSddE56Yv3ATnrtwgA+phq0j2XID9+O8sdGHCWsLCJQTDHpt3J0QPhGBHtQU3phO9MfczzD4Op5x2G3nEabI6FrPRXTw/C5EnWR97BtMRFxYuELWsrm+u1fpepeyl3Yedp/ONieMuG4EzmJHmvR4fmrRZzMJEegQtB1LwJ9boTNMaE/LtiJLY/aphvXQ4+FxwBGgs6VE7b5YldqVLtbkUrRvbjz3IX6Ew81PtwibipW+REhiNY0+OwfNYN7Rgo3mZW3fWtaJaw+MhZEb7VIEwNO1iX/yeHNqpH75cPMWg7Rerb7kA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=r/AgUux4q9Hb2WteMsfrH74qh8BrAFZxH9JU9t28gCA=;
b=bziTVpxSlsZ4rSI8qFHg/CvUXuZm6Nzcq8W9zohCN0T3cyVkcazUoda6/wEklAhuRxDZAvr7UeS9wL3xj2Ss8KwHETvenVCb6pX6NvsLxbahZi+FoSzGpF6ESzEqpged4URwi5+6Ru01dGcTyw/emaG2m/Fznri3/grLq+jmAFaWRogtwtjMv9QSk4B/dzitJxiELgOYV7fUi5bFGsTkd2Sh/DQL+oJT7GMP2f5tlGnxbMW7tLzRL5F7RrHg7b52oQls12jAMPG1OZsfMrGnpr9P3TZo+XJUy9rx0G9MrUhuuYUyEK4KV0A5mRiH4Yk+E87Qm0XBayCYJoO7deZBxg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
140.32.61.234) smtp.rcpttodomain=mit.edu smtp.mailfrom=cmf.nrl.navy.mil;
dmarc=pass (p=reject sp=reject pct=100) action=none
header.from=cmf.nrl.navy.mil; dkim=pass (signature was verified)
header.d=nrl.navy.mil; arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=r/AgUux4q9Hb2WteMsfrH74qh8BrAFZxH9JU9t28gCA=;
b=st98YUxbErTGt13ZcGUb7eI9vkm2r3eeS1mrhkA79wzI1NDIQ9CPgJ6qqxRJG4EBlz45GNR8ncGvHautlMkQAzN6T0TIHgi96T2mzwazGYOeamHix/oqDuruLh9wt6zYnhE0IXshggsiCMdZ6UAI5Duh0ov7ZpRWp0cg0SBBV7o=
Authentication-Results: spf=pass (sender IP is 140.32.61.234)
smtp.mailfrom=cmf.nrl.navy.mil; dkim=pass (signature was verified)
header.d=nrl.navy.mil;dmarc=pass action=none header.from=cmf.nrl.navy.mil;
Received-SPF: Pass (protection.outlook.com: domain of cmf.nrl.navy.mil
designates 140.32.61.234 as permitted sender)
receiver=protection.outlook.com; client-ip=140.32.61.234; helo=mf.dren.mil;
pr=C
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nrl.navy.mil;
h=message-id : from :
to : cc : subject : in-reply-to : references : mime-version : content-type
: date; s=s2.dkim; bh=r/AgUux4q9Hb2WteMsfrH74qh8BrAFZxH9JU9t28gCA=;
b=TsLelowsP7wNsNJhka5+fOVS7y/d2IThuMCDriFynLVlrTeS1J2/81ZYJujYLD+rJiwD
HF35zUHy4YLqPw+g4hatqJoyzw7ptOekGAXp6uPK117Nzv78/sdgf/IplrkznGnw0M9x
G0Rpx4pI0x7/KMzw1rpkMAy9E81bho0Su9B5o2EEvdzZz+igv1KYzJ1eicKF/s3HQh+9
oQzR9RibfefdoI24TDVoba8GvBtNtMmaiKnfsyGAN+lGKb6ePB2FARHFlulioyo6CCCX
dLosLbhou6ojrL17Rwvu61rL49WptNWaQaWWk42udyUc5rQDRueSxmW/je9o3y0DIHYH ow==
In-Reply-To: <CAOLfK3U9K+htja6eUzuwisSOQ6SnJSz3bDejaLvKE8b8o8rGZQ@mail.gmail.com>
X-Face: "Evs"_GpJ]],xS)b$T2#V&{KfP_i2`TlPrY$Iv9+TQ!6+`~+l)#7I)0xr1>4hfd{#0B4
WIn3jU;bql;{2Uq%zw5bF4?%F&&j8@KaT?#vBGk}u07<+6/`.F-3_GA@6Bq5gN9\+s;_d
gD\SW #]iN_U0 KUmOR.P<|um5yP<ea#^"SJK;C*}fMI;Mv(aiO2z~9n.w?@\>kEpSD@*e`
X-NRLCMF-Spam-Score: () hits=0 User Authenticated
X-NRLCMF-Virus-Scanned:
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CO1PEPF000044FD:EE_|BL1PR01MB7650:EE_
X-MS-Office365-Filtering-Correlation-Id: e8737636-dbcd-4cdb-f576-08dc0dff5aa2
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA
X-MS-Exchange-SenderADCheck: 0
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: ZXNJUpKcpQRaxFq5CzOT5BXuKkuRWV0zeGerSuDgAbHTBeodwrHnj29KRZgqYqk6E7R2tAitwmpIrHUSD4nRWAPH6t6mxgltZGdVhfe+lNVoE+h5ZY4qu0B7zxej2ySDeWssVi6mN/wBUsKigttgVIl7e9l1M//OYXrtMG7BDPaZQWuXZ8uHLt7RVyqHvWyfPQ70VrUjXd7NWI8QzVtFltEhFHK68d+0cTrGnbgdkTPFSmgPpjQmUUs++FCrR1r5SeMxwP4eCDgcXvu40yXGNdUoDVxpywWdgpaCAmAD4Z1ujZWo72xy00dvXZz8oFWLUOtitSyLF56LKWEn/VQmPuwaZ1GVlKTunv2ot+AjC8QxiYcyUlhUBrbzF8/IAEmHKgqvLaiTlhu9OQN2nVK7zzLKLXZEc2saKFjEwSLSa8vE5KZNAQtAQ8a+q8KsFzvC9RrgOG1inCb51810s34IxG5e5L+Nk/CdFneutJmqPiSRwoMsSvKivhyIbnxWYVKL+AZb7lDGuEI1732VZZko9iWPwnL2VDdHPnxmz9zEQnOtMHpqxJAJCiaJkE0liQ+9B9fP5yH3MAoIOnPSo8Ty1wEhFoZx/8WEPS3J98hFT1oqpm7wUXD91iIhF49eJeFJB3Hpuhou4UfnglQ3XgKtOg==
X-Forefront-Antispam-Report: CIP:140.32.61.234; CTRY:US; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM; H:mf.dren.mil; PTR:mfw.dren.mil; CAT:NONE;
SFS:(13230031)(4636009)(136003)(376002)(346002)(39860400002)(396003)(451199024)(64100799003)(48200799006)(61400799012)(498600001)(336012)(3480700007)(2906002)(83380400001)(1076003)(5660300002)(356005)(68406010)(4744005)(316002)(26005)(786003)(8676002)(426003)(956004)(7116003)(4326008)(6862004)(70586007)(86362001)(7636003)(33656002);
DIR:OUT; SFP:1102;
X-ExternalRecipientOutboundConnectors: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-OriginatorOrg: mitprod.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Jan 2024 15:02:36.6812 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: e8737636-dbcd-4cdb-f576-08dc0dff5aa2
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-AuthSource: CO1PEPF000044FD.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL1PR01MB7650
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/options/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos/>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
X-Mailman-Original-Message-ID: <202401051502.405F2RA8011173@hedwig.cmf.nrl.navy.mil>
X-Mailman-Original-References: <CAOLfK3WVppnk3eouiLTxhiR5gXQcCVd7K5xr_erP=y_RkeVpPw@mail.gmail.com>
<202304242225.33OMPJdw026540@hedwig.cmf.nrl.navy.mil>
<CAOLfK3XZF95-XoaW8y8cMrMETpWQNV-=EEkMyreo18WXH5M3sg@mail.gmail.com>
<CAJhaRZ+wc0N_YX06jdsh8iHTSn1dJoH3bn6q6Mm0V35h-8FARg@mail.gmail.com>
<CAOLfK3Xs9X25-jY+GjXqmNEOYbSNSVMXdBojX=k28FWqenWG+A@mail.gmail.com>
<CAJhaRZJP+Cz0RkSyOaWmjH5UHjye43k7B9G=dRechpN3Ad4qXg@mail.gmail.com>
<CAOLfK3VOZSNFhpkSKy5XsaA2mFUDVCGdjjZdna_O8M2RaAZPyw@mail.gmail.com>
<202304260001.33Q01xYH024064@hedwig.cmf.nrl.navy.mil>
<CAOLfK3X+3LSdOfA0vpDDiPi3RC7GUb73+jZTYje7sjDfQVu96g@mail.gmail.com>
<202304261629.33QGTlJ8015728@hedwig.cmf.nrl.navy.mil>
<CAOLfK3XRaYoT+NgbjDCbEaKow36QpTjrFrjGO-jGW96=7z9u_A@mail.gmail.com>
<CAOLfK3U9K+htja6eUzuwisSOQ6SnJSz3bDejaLvKE8b8o8rGZQ@mail.gmail.com>
 by: Ken Hornstein - Fri, 5 Jan 2024 15:02 UTC

>Krb5 devs,

I'm not an official MIT krb5 developer, so I can't speak for them. But
in my experience things like this tend to be the most successful when they
are submitted as pull requests. That was my plan, eventually.

>Any thoughts about extending kinit to natively perform the two step process
>in the alias above? (And also have an option in /etc/krb5.conf so that it
>is "on" by default?)

I think this COULD be useful, but it would be more complicated. Also,
were you thinking of just changing the function of the kinit command
or ANYTHING that does the same things as kinit? The latter is much
gnarlier.

--Ken

1
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor