
Re: HEAD's UP: possible 0day SSH exploit in the wild



In <87ws6gppyi.fsf@windlord.stanford.edu>, Russ Allbery wrote:
>Peter Jordan <usernetwork@gmx.info> writes:
>> Russ Allbery, Fri Jul 10 2009 00:56:57 GMT+0200 (CEST):
>>> Not without applying custom patches that are rather a hack.  You can,
>>> however, do PKINIT, which lets you use smart cards that can do X.509
>>> authentication (some of which are quite inexpensive these days).
>>> We're evaluating the DESfire cards for our purposes.
>>
>> hmmm, that does not solve the problem, when I have to login from an
>> insecure computer (i.e. Internet cafe). I know, you have not connect to
>> your network from insecure computers, but sometimes you have not the
>> choice.
>
>But yes, you don't want to get Kerberos tickets on an insecure system.

I thought tickets only lasted for a small period of time, and could be 
expired early if need be so that you could use them on insecure machines.
-- 
Boyd Stephen Smith Jr.           	 ,= ,-_-. =.
bss@iguanasuicide.net            	((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy 	 `-'(. .)`-'
http://iguanasuicide.net/        	     \_/
