Re: HEAD's UP: possible 0day SSH exploit in the wild
Russ Allbery, Fri Jul 10 2009 00:56:57 GMT+0200 (CEST):
> Peter Jordan <usernetwork@gmx.info> writes:
>
>> btw is it possible to use any kind of one time password mechanism with
>> mit kdc?
>
> Not without applying custom patches that are rather a hack. You can,
> however, do PKINIT, which lets you use smart cards that can do X.509
> authentication (some of which are quite inexpensive these days). We're
> evaluating the DESfire cards for our purposes.
>
hmmm, that does not solve the problem, when i have to login from a
insecure computer (ie Internet cafe) . I know, you have not connect to
your network from insecure computers, but sometimes you have not the choice.
PJ
Reply to: