Hi Laurent. Alternatively you can enable anonymous authentication (don't forget to restrict anonymous to only TGT in kdc.conf).
That way it's not required to kinit with host first (you just kinit -n). Dio > On 29 Jun 2016, at 16:06, <[email protected]> > <[email protected]> wrote: > > Hello Dmitri, > > Thanks for your reply, it's working fine now. > > Regards > > Laurent BASTET > > Le 16/06/2016 17:22, �[email protected])" a écrit : >> On 06/16/2016 10:08 AM, [email protected] wrote: >>> Hello all, >>> >>> Can you tell me if it is possible to get a TGT not entering a password, >>> but only using an OTP token ? >>> I found some tutorials on the internet (ie >>> http://web.mit.edu/Kerberos/krb5-1.13/doc/admin/otp.html), but none >>> works, the token is never asked : when I do kinit, only the password is >>> requested, and then I have to make a "kinit -T armor_ccache" for a token >>> been requested. >>> >>> And even if I don't do the command "kinit -T" I can access to machines... >>> >>> Regards, >>> >>> Laurent. >>> ________________________________________________ >>> Kerberos mailing list [email protected] >>> https://mailman.mit.edu/mailman/listinfo/kerberos >> OTP feature requires a FAST tunnel that is accomplished by having >> another key and identity on the client for the host. >> Then you first kinit with host and then use it with -T for user >> authentication. > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
