On that thread there was some talk about MIT's implementation, possible eventual open sourcing of said implementation and/or creating a
newer/cleaner implementation using SPAKE-2.
Did anything ever come if this? We'd certainly love to be able to
selectively integrate second factors such as Duo with our MIT krb5 KDCs.
On 4/26/21 2:36 PM, Ben Poliakoff wrote:
On that thread there was some talk about MIT's implementation, possible eventual open sourcing of said implementation and/or creating a newer/cleaner implementation using SPAKE-2.
Did anything ever come if this? We'd certainly love to be able to selectively integrate second factors such as Duo with our MIT krb5 KDCs.
Unfortunately no. The MIT implementation isn't in a releasable state,
and we haven't made any significant progress on implementing second
factors in SPAKE.
On Apr 26, 2021, at 2:36 PM, Ben Poliakoff <benp@reed.edu> wrote:
I see this question came up 6 years ago on this list:
https://kerberos.mit.narkive.com/uFhWlsZR/information-request-duo-integration-for-kinit
On that thread there was some talk about MIT's implementation, possible eventual open sourcing of said implementation and/or creating a
newer/cleaner implementation using SPAKE-2.
Did anything ever come if this? We'd certainly love to be able to
selectively integrate second factors such as Duo with our MIT krb5 KDCs.
Ben
--
Ben Poliakoff
Associate Director
Technology Infrastructure Services
Reed College
________________________________________________
Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
Rutgers uses DUO. I did a test integration using the IPA Radius support, which I believe is also in MIT Kerberos. Point it at a Radius server that supports DUO.
On Apr 26, 2021, at 2:36 PM, Ben Poliakoff <benp@reed.edu> wrote:
I see this question came up 6 years ago on this list:
https://kerberos.mit.narkive.com/uFhWlsZR/information-request-duo-integration-for-kinit
On that thread there was some talk about MIT's implementation, possible eventual open sourcing of said implementation and/or creating a newer/cleaner implementation using SPAKE-2.
Did anything ever come if this? We'd certainly love to be able to selectively integrate second factors such as Duo with our MIT krb5 KDCs.
Ben
--
Ben Poliakoff
Associate Director
Technology Infrastructure Services
Reed College
________________________________________________
Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 293 |
Nodes: | 16 (2 / 14) |
Uptime: | 217:22:52 |
Calls: | 6,621 |
Calls today: | 3 |
Files: | 12,171 |
Messages: | 5,317,712 |