Path: csiph.com!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail From: Charles Hedrick Newsgroups: comp.protocols.kerberos Subject: one time password integration Date: Wed, 31 Jul 2024 18:22:34 +0000 Organization: TNet Consulting Lines: 8 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit Injection-Info: tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50"; logging-data="18251"; mail-complaints-to="newsmaster@tnetconsulting.net" To: "kerberos@mit.edu" DKIM-Filter: OpenDKIM Filter v2.11.0 unknown-host (unknown-jobid) Authentication-Results: mailman.mit.edu; dkim=pass (1024-bit key, unprotected) header.d=mitprod.onmicrosoft.com header.i=@mitprod.onmicrosoft.com header.a=rsa-sha256 header.s=selector2-mitprod-onmicrosoft-com header.b=OHNB8/Vd; dkim=pass (2048-bit key, unprotected) header.d=rutgers.edu header.i=@rutgers.edu header.a=rsa-sha256 header.s=selector1 header.b=HvvKgHjw ARC-Seal: i=3; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass; b=Xxb+jCxGQHHUPY8qwKrmT08iCcD+UfZin0RkMDDIH4RyHxWflJ6GYmDEaiJTx9RYoryEN/EGqTdOMo5o2MiQbydzK+NmUw3ZJVPSIexAyUPGalkqm33yiyGpTP3A0ZYsUrSFWWpfWniHV+LWwZZUhkpEyI0XFrn/iUc2wi9Crb17E4KrnAlF5n8q1HlqJlKmKkuxSYakf3Ytg+ZF8JKO4C9k7keZ7DDUavP2ODI03cgvadAJ70sRYwRJyGbHxoeqSqiulzMz0rcnhI9zXqeq4pCgM8tkFfkyJj9wLNiNJGleksAmqL7r+4Ub34/hFTbNd35/PYPqW6DNZ93LNBtgcQ== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=i4xDIrY8+yO1I84dvSuFko1B7Q5a6UGfPDu55LfYvao=; b=gZKIhtRj0wyW9v6nGHwJNms+Mmx7zpNJC9C5ZVMI/X5rdjFk2Yhb1YGTevmjAXEpN2mHPGJ0SahWqdP6LFAdXOYvzxhVuaKe9AK8P9hF9uXS4U+iaCrEcEDJC8o7QKWj5saltxWUnuW1Ci6KONXhGp2YiuqgDZZABNVWQGTN8Z+poxYhRT+DfBG25iM9x445okQpKFX8HeU0oROLwu8IK85sTHxpdhw5rv4NmNQ81tVopheeSEEBF0JqStb565TPRhfNl3abmmc6phcbDRpf/fNb8VnyuJ8Y5crhc3pqBmTngFPOxtB91ssZauff3nhGBTAmc3WbIzbUqC7SAsRaYA== ARC-Authentication-Results: i=3; mx.microsoft.com 1; spf=none (sender ip is 40.107.95.115) smtp.rcpttodomain=mit.edu smtp.mailfrom=rutgers.edu; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=rutgers.edu; dkim=pass (signature was verified) header.d=rutgers.edu; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=rutgers.edu] dkim=[1,1,header.d=rutgers.edu] dmarc=[1,1,header.from=rutgers.edu]) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=i4xDIrY8+yO1I84dvSuFko1B7Q5a6UGfPDu55LfYvao=; b=OHNB8/VdhIcqT3H5ckzwRf22OZIOXdqX8cVs4ZzSFt96krlS+stl3+ugTAjUGUgn3+WpTVrmyzg/qOKwvprQSY1sx29KW64qz3YR8UMearF4SodUMYod53K7JOP6Rc7gEehhxySLFNqFvr/cQtv0orWk9xaotpM2UTrCNOXvilU= ARC-Seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass; b=alCq6iQtFK62v5ar0WVdwE/gX69EukxYVWZCnqKNAteAbnpB3+bUW3UmronF7Z8Rd+IzCWpbke1Tq8RXRaN3SP5UXUk7pCjZgQ3ySnzIR3+WJc0gGAa/YWiHq1K8/BLA9k7sib23BSWQOcAjw6G2k7HSRB/2GKRYVtL3Gg2E5aWm779em+J7fw+T4wGr0/1BdUP8yS3UGgFrBH1rlm49RAuT3WmDoXhLhy6VcinyLUzQOlcBbar7GlpcfYwdPIOgxGCysftsblcJyXmmXgIapSX+IHcXXvC9HcVnI/ceGQCyPIsDSKsqPXF5jO2UEDFcyFho07ph2o08ERHNTDPL/Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=i4xDIrY8+yO1I84dvSuFko1B7Q5a6UGfPDu55LfYvao=; b=a4LG13RE/4DDqBUxs8i5/ZWbpxYSGavX9meejhbz5VgmUCeCK9QePcnVah+bnmZiszEC3oyzwU4j4+xdDZY89etOzzMVPW9W0UOogXuMfTXY5A95qt0qSQsYfj8vTRyR9D8b7GHTHzfubSqRh7OsEt2lVCrNpH46Uy6mD44T0pBX8kI1rsJhFQbwYnDG+0Q93sEwXWtF0hmz3YHngcUN9L3dlIAt7UyokKUF1n0r93FbEXpQtkHkAHHiz/fLJHC9JysyHG+1yOgJslZhhAswwH1Q4Vvv4fjPtVdIOu/bvS4ewkhVlx7/owvGWrYpypf1f70w8YN384QfQx1TX5FUIQ== ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=none (sender ip is 40.107.95.115) smtp.rcpttodomain=mit.edu smtp.mailfrom=rutgers.edu; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=rutgers.edu; dkim=pass (signature was verified) header.d=rutgers.edu; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=rutgers.edu] dkim=[1,1,header.d=rutgers.edu] dmarc=[1,1,header.from=rutgers.edu]) Authentication-Results: spf=none (sender IP is 40.107.95.115) smtp.mailfrom=rutgers.edu; dkim=pass (signature was verified) header.d=rutgers.edu;dmarc=pass action=none header.from=rutgers.edu; Received-SPF: None (protection.outlook.com: rutgers.edu does not designate permitted sender hosts) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=A6ULzPdSJDaevVaYHXIyI7UlN7byfOlXUC66T7uckc0tJKoDP4gHCGLh/SW84OIxtQUntVwVjCQpI6lQnZXUFn1pMtl2Q43XvkfPWINlaTb0zwCgr/hSQzljmU/g6Y8XNE/iS2JYupbKxzMrBFcIqHMM59EmTCXgB54eaNCNAu4oOdagaJ2PPLD3cE/A0mwbrDkj5TRwWqHNv5sK32AzAs9kHlneawi6rHuuHQrYyRyA3LTnP+0o1Knrfwh+b77xyPR+gIRpaPibh5Kar9U8mR/HXKKfUf3bEmrAwjpStDNYNYbCgvNvKA72+3loKFAjHsNbKq8aWCQfMivC7Hz/jg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=i4xDIrY8+yO1I84dvSuFko1B7Q5a6UGfPDu55LfYvao=; b=V1NfMzT1h+uNFbHLgKuUR+hwVL0FGURzho61w/DipTwJX+839j06WejKQ05MsRIpb6C+SrxydfX/M0Bxjd3IjmgDfLq0lEsMczl3WARSKI8LPNp8dlAxvNZ7prWuj/9STXH/peU+QL6mExN2K/4BPFfmtrvSWThJEXNK8wHOZxu+XGIQ5xCW7zmwVyH3s/WCa8uyoUOhaoPySAg0nXZw1HAEHsyha3uecXn7o75XM2bM2Y3QT9EPuQ2qQDBWQtT9/eFb6UlEETnmunOG4b0d3LUz96F5IGwHcGUH98DPlWsWiPsF76IxWgN3LZ5l4rGvjcOnJrCPyjt5rby9WWg6Jw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=rutgers.edu; dmarc=pass action=none header.from=rutgers.edu; dkim=pass header.d=rutgers.edu; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rutgers.edu; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=i4xDIrY8+yO1I84dvSuFko1B7Q5a6UGfPDu55LfYvao=; b=HvvKgHjwkzYWgSNuZOFOB4JRxBrieUl5K/O5VQ7PFptW1PrbMxmZlugmUG0DvfYS4XaJCCyg3twqEZjIm9OLk/s5XO4Lh/urD+9PtwyP5ncQS8iTGaD6otOojxxueJcJwoLTqpY1asUAvAQGaN1H9Hq3g22a1R3N3hrXTv/5gyDUAi8tNgFQVo8BxsXVnxaFkKC0iaZHRjvH1g9djZkLOP3io4J9s5YUsR/70zrvZzKUrJXVAfSp4/MmopnGpLuX/1HEBAtszlIOA43AtXhUMG35u45TQWeO5CHcWztwiGsc3+euRG3FSsC0baNHJZp8pQA+4BU40KudTq/zGIECxA== Thread-Topic: one time password integration Thread-Index: AQHa43Tz3FlSX2GgPkuJKOcB2t3UVA== Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=rutgers.edu; x-ms-traffictypediagnostic: PH0PR14MB5493:EE_|SA1PR14MB5308:EE_|MWH0EPF000989E7:EE_|SJ0PR01MB6397:EE_ X-MS-Office365-Filtering-Correlation-Id: 08f2ed6a-fa7d-4642-4f4c-08dcb18dc0f0 x-ms-exchange-senderadcheck: 1 X-MS-Exchange-AntiSpam-Relay: 1 X-Microsoft-Antispam-Untrusted: BCL:0; ARA:13230040|1800799024|366016|376014|38070700018; X-Microsoft-Antispam-Message-Info-Original: =?iso-8859-1?Q?b9p6MUpQ60CdhLD+mykwbFNyN126vtr/nuZDaz8j8uGaRxTr1CfsI2W2UQ?= =?iso-8859-1?Q?X6vNgu1MF6bUoJ5Bt+kN+DC0R/4onAhVsnMupREkSsjuYs4ymM82RVUb23?= =?iso-8859-1?Q?O+XtOQazUXoPf88PqeB8V+3FSwSzdskJ7VepAUracSc9V/WoqhaWhTV3en?= =?iso-8859-1?Q?GJwbrR19nFOMAtiWvsIsT2xDf851N2VNH406YfagYgeQa4VM2AeJh1/YfC?= =?iso-8859-1?Q?GFXFVg5OKumxNZQafYmYX8kf5BV/dBghhoH1+dKgjSO7qAPRZ/iqHCQeO8?= =?iso-8859-1?Q?ya0dkgF7Puwq9i9BRRAuRHIyy44jcTBqRktxez2jOlCXA1brlf27Ov9ps0?= =?iso-8859-1?Q?IAt6NbfXbhS2nbx2i5AUfnPQZZ6yC6VFw2u9dYzqt03pCva2EvmHHElOXh?= =?iso-8859-1?Q?uiIcv3AoptfyfSe5/IadDOmiS1BkFsC7YdSfUu7GD2vszSlwYk3bfolVTR?= =?iso-8859-1?Q?XlDkAYwZMpTKTy13KiYnO+SyLizZygQ0tmKYe4iJTan4ebHgeve0GoZhl8?= =?iso-8859-1?Q?8ReDHFkw4LLmvRV07ayeQinSSnffEqgilTV3ZACyFfMeafPwh5f4uIo4EW?= =?iso-8859-1?Q?/bJK6ZRkF1ol4wcV2T2+C9kYN8L0L6hyDMPHt2F4jGBJC2vObuzynoSd4T?= =?iso-8859-1?Q?dUG2KVwGCE3PuGeCbqylN5ak9bkJoalHDIsKCrEh1T/Z0O4uWD0mXeKod0?= =?iso-8859-1?Q?KWRd4pksgdYzbEcCDBtLlsMosS1fQ86JeokbisYIMghGr7v8NcNiQZDOIi?= =?iso-8859-1?Q?OCBAsD7CXHHRU+DnJgX7V4IX25Mki2t2Z3/Y4/8Mpzv53NXxfI8Y5V4432?= =?iso-8859-1?Q?wUCZhBI8SokBmPQ7TOpne2VZP7xqzlJcbVF4kKjat88sNaeT1AE4C00Qmh?= =?iso-8859-1?Q?4DxwnsvOdGEEbCdvDdJTH11e5kba4iDjiSeS8Ua4aidX/24Mdv51haqYb+?= =?iso-8859-1?Q?YK6yHyjnKwK9IzZIuGTm2f5e1qowk0NZgdno5X779qahnO47svz5NFIodI?= =?iso-8859-1?Q?L6hI2R0qTWbf/V5056SnZ+LYJxM9PaYbetUewjYXDhXr5Ee5wA09xHUOq0?= =?iso-8859-1?Q?OSbhQaSKaAijgkQLRIkj2pEMutTX1KJcJA1i3G43lvcA3dXB6ta+rvLHmS?= =?iso-8859-1?Q?vfU+ymsmZmI6P1tnqjgP0mzGrmFyONpoNjj1o68r4lrCnAlFX73u/AvnhR?= =?iso-8859-1?Q?2j3uD4NwENCNUX+ehilItgSLxMvDo7IxzI9GHEvPCTeEb53MGt+BFQqwWT?= =?iso-8859-1?Q?3jGGhFDWZK4PysK4+ZHGFBuEJaQTCbDYGaP9jV5dT2LGOn8Hq/psYeyHeA?= =?iso-8859-1?Q?c9gs8FrpQUZiHWOsZ1N87M+F7t4jZCCMH7RI9r6v5xir602NVJejEpg1bv?= =?iso-8859-1?Q?CM3pcdo61sxOgWL9BJybeZzTeVQU8RqnPaIsz4+dv/yHC992FK65zudIVw?= =?iso-8859-1?Q?+gsimWuvcp8Gf4tjfK+iLzvhnOHhvV4iw5nfDA=3D=3D?= X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH0PR14MB5493.namprd14.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230040)(1800799024)(366016)(376014)(38070700018); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-Original-0: =?iso-8859-1?Q?HuRSZ7D6MCkaPakfiaNZWnqw64aSl1ZD9YlIUV0wbm5a79jVfc05qAHkXn?= =?iso-8859-1?Q?GN6EVwFEPRN/E62i3TbqpB7jNUFf8A8eeBp1k2FSVT9PhJ/uBnSTcC4JZc?= =?iso-8859-1?Q?gTtE7mYLE3V0W9zckFRD/hmafEb3aUuETk7a/N08zfkwV82aGQfCMQbSHy?= =?iso-8859-1?Q?PHI0Q/o6Tyc3YQLV6sQ+kiGtcltHUyA6Pw1CFI5tSKQhQLiI8D9fdoyM3+?= =?iso-8859-1?Q?dDx0GjCdzaLYDIfkNK02AtSZtG9R0ijgH7zPJCF2GpxooGsHKCTlRUQVFA?= =?iso-8859-1?Q?/81AY9uD+EeL1FwK97ZoPtB1mQEZmS22tKUMkVjlVmmF1ooVi7GnQUxBQc?= =?iso-8859-1?Q?Jx/a7UWJnJ3aGVdvkfFwh/nvL+jUzxAedM7zYYbqoudZjWZ9b2GTZk7TyI?= =?iso-8859-1?Q?vgy0p3Y+ePfTRbXr3Vtcq8UiBGeA14YEJSU6gYpTJPIDwk19xUfqq206Oh?= =?iso-8859-1?Q?Fo3g5LruoqAjPtJffk29oYfGyfEwoLCeWl8ksnejgCopr+Sb9KEi8/P1Wr?= =?iso-8859-1?Q?PtgDABhk+DX7gXNVGW+dnOlEnHjixCOtiYz3L0NDIuGarLYj4xs7qES3L9?= =?iso-8859-1?Q?QymXJkq04zTFbuYCmxxVwZVelwF5Vr7eUHaqOaTlOWl2ETCsKPJaPqOC0g?= =?iso-8859-1?Q?uscDSjQ82t6zcn2jqQhqAKT2tBiDyi99mBjDdwL5mv1+cahJhu6BfxKF1+?= =?iso-8859-1?Q?tTFvTaQzix4Avpd/feW/ot9rx7MF6nwnKXWo/42+t4Ajyd/TJ4fWhBAyNe?= =?iso-8859-1?Q?q4skcUxbe1owUnvp7pqJZRue/i9QjJR8xFjOxAxbraetq+7WTu0/Y3kBrN?= =?iso-8859-1?Q?A+BzyBbE+hNNeRF97ZbC1ExGVwYUJCIkpQ1hQFXtWwWXF6SwA1Kny3N+mE?= =?iso-8859-1?Q?UudrcpFynUunT2tJpSiSGvOIMuEEtIne8xLOKPrjI8yXkmF1KTJSZYYAkw?= =?iso-8859-1?Q?a1FYCrMpriHBvQHON00BFwtH52oVmHP8DxK1Eu74PP8NbM/veOx1eFgJIK?= =?iso-8859-1?Q?P5o3O9IpBs7cR6orZPoEYzoncVniKIEvljw8i+/v0b5dWG+zuxeHd2FbmZ?= =?iso-8859-1?Q?RTXZVhWeXsxrfuK4W9t1FcDwYhhCh7BvKTpMD/2uRil7zWF13NvCDFiUIW?= =?iso-8859-1?Q?hRy2AR/4NQN85w9aijYc18IodebRh9VlSn7dcuULGrHuHOw2wmZwSdOiG9?= =?iso-8859-1?Q?HHon/ecpg3KUy+yD+7T2Mh6XuUwJdCd0yBhbXpRTI008Z1/ZkSXXy3Ywk/?= =?iso-8859-1?Q?6GK9nM/L4XrELhgInOyqCwL7TsmG6PfrCi1MxQPCGfQORqWRIfs/h7gr9q?= =?iso-8859-1?Q?lcm9m/dxSPD2N4A11uJy7IwCqO0vH10W/ffzZaQN/lmWGLnDhiACuZkwbT?= =?iso-8859-1?Q?zeLoJflR9cabKO9P9CkiH+LSq9UAxufxOaMv5LdFFkSKxZbU9UliPvvp3e?= =?iso-8859-1?Q?QnABxx6K6Pqsg9nk2f9+GsKo0Ba90gCyasKyLgr7rMfVMw6vVQmMPWCQn3?= =?iso-8859-1?Q?9Wb3jkQk1eWNwuLlyTirPyaMs2ypV1MVLd+jneWw8XED3JzrUg4+PmRsie?= =?iso-8859-1?Q?vSvmEIrC2UUiEq3k0ECaQ2lRRZL1JCSrxCFOVHUG8E+CcYzKc3/4abLATe?= =?iso-8859-1?Q?zzz+MTcQdGxWiMjOVxasyuk8UIHIlOGB/miB0/fhNZg5gB42pijwV/NQ?= =?iso-8859-1?Q?=3D=3D?= X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR14MB5308 X-EOPAttributedMessage: 0 X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: MWH0EPF000989E7.namprd02.prod.outlook.com X-MS-Exchange-Transport-CrossTenantHeadersPromoted: MWH0EPF000989E7.namprd02.prod.outlook.com X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id-Prvs: d2b04dd2-cea8-4742-de69-08dcb18dbfb4 X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr X-MS-Exchange-AtpMessageProperties: SA X-Microsoft-Antispam: BCL:0; ARA:13230040|376014|61400799027|35042699022|48200799018; X-Microsoft-Antispam-Message-Info: =?iso-8859-1?Q?mAC4hSMkBMIxfvsh27IQzlGj0Wpw0UJ1f0M3ej2IKUc5aGmnX7hLt5yCKv?= =?iso-8859-1?Q?3bqPjOvbGsleABGuW38kaj0yPXFGyIK3L5HEtXuLMHB7ZFJnU3sqdPgSUy?= =?iso-8859-1?Q?vXpR/c1CXqEdxmJ+s3X29Wp0VMVwtoYg+ReFkxS2KSrUPtzr6+qUCifMLE?= =?iso-8859-1?Q?pKyxMf0CIQtcEx0h8QkhXD2QurBIA57WWhyVYX3j+j9hjFiE9PMZgFVVXW?= =?iso-8859-1?Q?Q7fLrOGbpWSqHgV+nyTehEOE61Zjz7IuPDdz5qOufmXJaHcI2f8Eys9aNn?= =?iso-8859-1?Q?JLvn65lxQsa3l/fOsWIVwYPFMeLW1EaHq8teFhGlNrXtwYNgN1U8ysY+Py?= =?iso-8859-1?Q?6e3kwtluxLCgB4NUBBDNbc1pPYy3wTVH/zxOID8tJO95V7CFU+f8ZwLG6D?= =?iso-8859-1?Q?qzoLwKlEw5bPF6UDTZdrXT1tQIw0hpBJUc1sLtJU4tqbCNM91L/ESvt2ce?= =?iso-8859-1?Q?ol6fPk+kTGfGvR0V097ToCfGU/KJz9FrRkRJfvG7QCnfbF3hzCuQVkkhCC?= =?iso-8859-1?Q?jw0CCX5fRYx/mQTxU3f2nzKky/mTbcqDqsBh6QPd0rTsN5pW9EwskylIlY?= =?iso-8859-1?Q?LpowsxJUM37u2/URo4VZVJCGwdqMAouo2I4Old+eHNVt3cTqakNJHGBdRH?= =?iso-8859-1?Q?WprXGQ/Py/a3AED1WfU++H8djgrSgK7cJh0gIANKfznPjvtbwDuSCb5KIR?= =?iso-8859-1?Q?/lBZzC9GevQE2RKaqvnrmGNoiuGqWw8Zls7nk1Zr36livKVK2lEut1ICS7?= =?iso-8859-1?Q?Xi5KnJ4XM2d8DcVWmXtsdPZjRwgPe6SUVp0B4rNw0ijzFwzzTa3DwSzb9r?= =?iso-8859-1?Q?IIlGlvmUfOTM9hn3g7vAQ60yKycogl3DP6Nc+AFV2Io0bQxHhu4auSU0F3?= =?iso-8859-1?Q?vp966yc0PcprI67NbRK3FqnT/XG7OxA8Y9pol82Ec9lhG6cK9a5+c1g4Ig?= =?iso-8859-1?Q?FWwqtekgDns3RqTkqLt5dlWaNTZ0uZ7f6OTck3+zNlLWjZ9B16N2B4nYAv?= =?iso-8859-1?Q?oIlaiVZJ3aCVLd/3ZqiRPcfOpQ6CpX4Wy32Pu29cD3pEnALcTzxwjWjLze?= =?iso-8859-1?Q?pceOJZCsq0XkfSDPzRak/zHazA4j2GwcK2ctBWBMOMZsGu9/re80yq9oMK?= =?iso-8859-1?Q?zD8xG2fkL71Xol/tQYO9Hchxqbqm2b+u1AD4oQz2bK8qeKZ6yjEA0Ig6Jc?= =?iso-8859-1?Q?PeNl4xBAbskDb/tKXWSVFTnDfj7BJg0TTU4nNlIt2/w3Fy3cgCh7UG8Oj2?= =?iso-8859-1?Q?IORqg1FqcKF2MLTH57WNdvXEWFr1PGdVqjxUoVmeCHk8I9XGAf6vHhGs+9?= =?iso-8859-1?Q?SHtg+ck6BTX4wtnz06waGhLkoolcDow6id4R+P8dVmQTlne/fskVuwlTPR?= =?iso-8859-1?Q?u3AGWDWvnTM96w1NFx4M7QQu8wkSyPycZiKc0fazEbyUOox5dNJrhCrn5b?= =?iso-8859-1?Q?Lrmz3/S4NtL98WO/Ko5QHnsiIjmtBTC+LCCImE8RC6IEvKFb/of7xmMkcv?= =?iso-8859-1?Q?o=3D?= X-Forefront-Antispam-Report: CIP:40.107.95.115; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:NAM02-DM3-obe.outbound.protection.outlook.com; PTR:mail-dm3nam02on2115.outbound.protection.outlook.com; CAT:NONE; SFS:(13230040)(376014)(61400799027)(35042699022)(48200799018); DIR:OUT; SFP:1022; X-ExternalRecipientOutboundConnectors: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b X-Auto-Response-Suppress: DR, OOF, AutoReply X-OriginatorOrg: mitprod.onmicrosoft.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 31 Jul 2024 18:22:36.3684 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 08f2ed6a-fa7d-4642-4f4c-08dcb18dc0f0 X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b X-MS-Exchange-CrossTenant-AuthSource: MWH0EPF000989E7.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: Internet X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR01MB6397 X-MIME-Autoconverted: from quoted-printable to 8bit by mailman.mit.edu id 46VIMcZN3704982 X-BeenThere: kerberos@mit.edu X-Mailman-Version: 2.1.34 Precedence: list List-Id: The Kerberos Authentication System Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Mailman-Original-Message-ID: Xref: csiph.com comp.protocols.kerberos:5341 We're looking at one time password integration (DUO). A while ago changes were made to allow a longer timeout, since users may take a while to respond to DUO requests. Since this isn't in a release yet, and it takes years for new versions to show up on all of our systems, we can't depend upon the changes now. But I'd like it to work in the long run. There's another issue beyond the timeout, and it's not clear to me that the change takes it into account. Traditionally the client will talk to all servers at the same time if it can't get to the initial kdc fairly quickly. It's not obvious to me that this behavior changes with the new code. The comments suggest that with TCP if there isn't an answer within 10 sec, it then tries all servers. This could produce the effect of having several servers simultaneously asking for DUO authentication, if the user doesn't respond within 10 sec. This is not a desirable result. I'm not entirely sure how this should work, but my first inclination is to say that if a TCP connection opens to the server, no other connection should be opened until the timeout. At the timeout another server should be tried. It seems unlikely that a KDC would open a connection but not do anything. Not impossible, but unlikely.