Re: HEAD's UP: possible 0day SSH exploit in the wild
Peter Jordan <usernetwork@gmx.info> writes:
> btw is it possible to use any kind of one time password mechanism with
> mit kdc?
Not without applying custom patches that are rather a hack. You can,
however, do PKINIT, which lets you use smart cards that can do X.509
authentication (some of which are quite inexpensive these days). We're
evaluating the DESfire cards for our purposes.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: