Hi BuzzSaw,

Thanks for the reply!

On Tue, Apr 25, 2023 at 1:33 PM BuzzSaw Code <buzzsaw.c...@gmail.com> wrote:
>
> What we did:
> - in your kdc.conf:
>
> [otp]
>     DEFAULT = {
>         server = localhost6:1812
>         secret = secretfile
>         strip_realm = true
>     }
>
> This assumes your kdc runs a local RADIUS server that will answer up
> OTP requests. Change as needed.

Got it.

>
> - create the file 'secretfile' with your shared RADIUS secret in the
> same directory as kdc.conf
>
> - kadmin -q 'addprinc -randkey WELLKNOWN/ANONYMOUS'

-randkey. Do I need to know what the passphrase is?

>
> - kadmin -q 'modprinc +requires_preauth user'
> - kadmin -q 'setstr user otp []'
>
> Testing:
>
> Get an initial TGT with anonymous auth
> - kinit -n -c /tmp/somecache

I tried this, but it prompted me:

$ kinit -n -c /tmp/somecache
Password for WELLKNOWN/anonym...@mydomain.com:
kinit: Password incorrect while getting initial credentials

...so I went and changed the password for the WELLKNOWN/ANONYMOUS
principal. Then...

$ kinit -n -c /tmp/somecache
Password for WELLKNOWN/anonym...@mydomain.com:
kinit: Reply has wrong form of session key for anonymous request while getting initial credentials

I've never requested anonymous credentials before. Does anyone know
how to correctly request them?

Thanks,
-m