When using the FAST OTP preauthentication module for the KDC, the OTP is passed to the KDC over an encrypted FAST channel. The KDC then passes the OTP over to a RADIUS server.
When the KDC communicates with a RADIUS server, can this be done over a more secure method such as EAP or PEAP? When OTP was first implemented in version 1.12, support for EAP was not included as stated here http://k5wiki.kerberos.org/wiki/Projects/OTPOverRADIUS : "RADIUS is not FIPS compliant due to the use of MD5 in the protocol. EAP might make RADIUS FIPS compliant and Fedora ships a libeap. Integration of EAP is not planned at this time". Has integration of EAP been included in more recent versions? If not, is there any plan to? Thanks, Luke ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
