Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 10:04 am

All times are UTC + 1 hour




Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Mon Nov 30, 2015 9:34 pm 
Offline

Joined: Sun Nov 29, 2015 6:44 pm
Posts: 3
Hi,

is it possible to use use the Yubikey with a Kerberos-Server to obtain the Kerberos tickets and has anybody sucessfully set up such a setup?

I don't care if it needs MIT or Heimdal Kerberos. Also challenge-response or OTP are fine (though the latter probably requires less changes in the client software).
The most recent thread I found for this topic is this one, and it's rather old with most of the links being broken by now.

Thanks


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Mon Feb 01, 2016 3:00 am 
Offline

Joined: Mon Feb 01, 2016 2:33 am
Posts: 3
Have a look at FreeIPA, it's already integrated there.
It currently only works with MIT Kerberos on Linux.

Kerberos usually works like this: You request a Login for a certain ID, KDC sends you an encrypted message which you locally decrypt using your password. This obviously doesn't work with OTP.

For OTP FreeIPA uses the following:
You establish a secure channel to the KDC using anonymous PKINIT (you will have to verify the certificate), after that you send Password+OTP in clear text to the KDC, which can use any RADIUS server to verify it.

Other platforms:
Heimdal doesn't support OTP, MIT Kerberos for Windows has issues with PKINIT, Windows doesn't support it at all.
On Mac OS X, you can manually install MIT Kerberos.

It's probably easier to use the Yubikey as a smartcard and use certificate based login.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group