Re: help with OTP

From: mzagrabe@d.umn.edu (Matt Zagrabelny)
Newsgroups: comp.protocols.kerberos
Subject: Re: help with OTP
Date: Wed, 26 Apr 2023 10:32:24 -0500
Organization: TNet Consulting
Lines: 33
Message-ID: <mailman.71.1682523196.1964.kerberos@mit.edu>
Cc: BuzzSaw Code <buzzsaw.code@gmail.com>, kerberos <kerberos@mit.edu>
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
 by: Matt Zagrabelny - Wed, 26 Apr 2023 15:32 UTC

[Probably solved!]

On Wed, Apr 26, 2023 at 10:12 AM Matt Zagrabelny <mzagrabe@d.umn.edu> wrote:
>
> Whoops. Looks like I need:
>
> sudo apt install krb5-pkinit

Fool me once shame on me, fool me twice shame on me!

I also neglected to add the krb5-otp package to the KDC server.

Now I get:

$ kdestroy
$ kinit -n -c /tmp/somecache
$ kinit -T /tmp/somecache
Enter OTP Token Value:
$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: bob@MYDOMAIN.COM

Valid starting       Expires              Service principal
04/26/2023 10:26:41  04/26/2023 20:26:41  krbtgt/MYDOMAIN.COM@MYDOMAIN.COM
        renew until 04/27/2023 10:26:29

This is all on my test system. Still need to try in production, but it
looks, and feels!, pretty good.

Thanks for all the help!

-m
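
The two-step login shown in the post above (anonymous `kinit -n` into an armor cache, then `kinit -T` for the OTP prompt), as an added example that is not part of the original post or of MIT krb5. The function name `armored_kinit` and the private temporary directory that replaces the fixed `/tmp/somecache` path are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: OTP login over FAST with a private, short-lived armor cache.
# Assumes the MIT krb5 client tools, with anonymous PKINIT and the OTP
# plugin set up as in the thread (krb5-pkinit and krb5-otp packages).

# Usage: armored_kinit [principal]
armored_kinit() (
    # The body runs in a subshell, so umask and variables stay local.
    umask 077

    # Unpredictable, owner-only directory instead of a fixed name in /tmp,
    # so another local user cannot pre-create or swap the armor cache.
    dir=$(mktemp -d "${TMPDIR:-/tmp}/armor.XXXXXX") || exit 1
    armor="FILE:$dir/cc"
    rc=0

    # Step 1: anonymous ticket, used only to armor the next request.
    if ! kinit -n -c "$armor"; then
        echo "anonymous kinit failed; check that krb5-pkinit is installed" >&2
        rc=2
    # Step 2: real authentication inside the FAST channel (OTP prompt).
    elif ! kinit -T "$armor" "$@"; then
        echo "armored kinit failed; check krb5-otp on the KDC" >&2
        rc=3
    fi

    # The armor ticket is not needed once the TGT has been issued.
    rm -rf "$dir"
    exit "$rc"
)
```

Source the file and call `armored_kinit bob@MYDOMAIN.COM`; the resulting TGT lands in the default credential cache, as in the `klist` output above.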
