We use TOTP. That allows us to tack the token on the end of the password. That makes it easy to fix programs that expect a simple password prompt.
In fact I have a wrapper that can be interposed around pretty much anything use LD_PRELOAD. https://github.com/clhedrick/kerberos/blob/master/radius-wrap/radius-wrap.c > On Oct 7, 2021, at 3:16 PM, Russ Allbery <[email protected]> wrote: > > Ken Hornstein <[email protected]> writes: > >> Huh, I _kinda_ thought that if you had FAST going, you got FAST OTP (on >> the client at least) for free! Which shows what I know. Maybe it works >> already and you never tested it? > > The bit that I suspect doesn't work is all the interactions between the > prompting and the prompt control options like use_first_pass. > > -- > Russ Allbery ([email protected]) <https://www.eyrie.org/~eagle/> > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
