We use TOTP. That allows us to tack the token on the end of the password. That makes it easy to fix programs that expect a simple password prompt.
In fact I have a wrapper that can be interposed around pretty much anything use LD_PRELOAD. https://github.com/clhedrick/kerberos/blob/master/radius-wrap/radius-wrap.c > On Oct 7, 2021, at 3:16 PM, Russ Allbery <ea...@eyrie.org> wrote: > > Ken Hornstein <k...@cmf.nrl.navy.mil> writes: > >> Huh, I _kinda_ thought that if you had FAST going, you got FAST OTP (on >> the client at least) for free! Which shows what I know. Maybe it works >> already and you never tested it? > > The bit that I suspect doesn't work is all the interactions between the > prompting and the prompt control options like use_first_pass. > > -- > Russ Allbery (ea...@eyrie.org) <https://www.eyrie.org/~eagle/> > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
