Groups | Search | Server Info | Login | Register
Groups > comp.protocols.kerberos > #5345
| Path | csiph.com!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail |
|---|---|
| From | Ken Hornstein <kenh@cmf.nrl.navy.mil> |
| Newsgroups | comp.protocols.kerberos |
| Subject | Re: one time password integration |
| Date | Wed, 31 Jul 2024 16:38:32 -0400 |
| Organization | TNet Consulting |
| Lines | 17 |
| Message-ID | <mailman.116.1722458322.2322.kerberos@mit.edu> (permalink) |
| References | <PH0PR14MB5493673E648D14F5CEE0B7DFAAB12@PH0PR14MB5493.namprd14.prod.outlook.com> <202407311944.46VJi3YK030487@hedwig.cmf.nrl.navy.mil> <PH0PR14MB5493540EBEEFAA44CE2FA876AAB12@PH0PR14MB5493.namprd14.prod.outlook.com> <202407312038.46VKcXkl031026@hedwig.cmf.nrl.navy.mil> |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset="us-ascii" |
| Injection-Info | tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50"; logging-data="5548"; mail-complaints-to="newsmaster@tnetconsulting.net" |
| Cc | "kerberos@mit.edu" <kerberos@mit.edu> |
| To | Charles Hedrick <hedrick@rutgers.edu> |
| DKIM-Filter | OpenDKIM Filter v2.11.0 unknown-host (unknown-jobid) |
| Authentication-Results | mailman.mit.edu; dkim=pass (1024-bit key, unprotected) header.d=mitprod.onmicrosoft.com header.i=@mitprod.onmicrosoft.com header.a=rsa-sha256 header.s=selector2-mitprod-onmicrosoft-com header.b=Cn4mYJy2; dkim=pass (2048-bit key, unprotected) header.d=nrl.navy.mil header.i=@nrl.navy.mil header.a=rsa-sha256 header.s=s2.dkim header.b=Z0tsHeYQ |
| ARC-Seal | i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=QmdPaUWSyUjaSG1VR3iwJYz/Sg6ECwIe0UBwE1QOj1Hb8DOqGAOgFWO1/nXJTJOjdRtvnhu9XeJlkvt/ILO9ALM0cCszjsJHMm2AumX9IPS3qUyi4OdL/50yazNBGD77Mlxb9exQAQIAAfaTF1rFgV+tQ1xiGTdoQoFxpu/LgXwSopilLBoCL1LSIrPXL+gT7/5GWGulB78MRMkXuWapjlBQ3nLN1EfUCMu4w+novb65wTyrhe0dGSR/YQIyqeQdGtrUDkc2tPqPwI7CpeXy6n/y7JtXcatQjsF4e08+EAQ+Fhr//ZtBmYNP5Np6AK11NhRuA0+cy+keNEzo9K8nhg== |
| ARC-Message-Signature | i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=G+S4OTh9pX/cCxuCszlWOve69talQ1d79PzVy5a14pw=; b=dCkNSZ4ZcBTG8YyrIXarnCQtI5MvfGrNXXE2apAFTqLyaoSZNoP63qpNYre3i/UguDtuKZvC8otcEFj/elTSJwr/JZWKSxJOoXo8PHH7M/grhpZsgWlsNMgaLYJX0ikyr4QmDVXyvxNLX+uyjOVKy67LpArUHuM8PWhkq8+Jjknoza+c4VDOUJJvtPjcYmXger67HGLVEc/DopOT2XBCU5QpwnfRXQzGDO1PqlxaR6IoPnh11u5Rzwvhu2AOrGwW++q13kodgF6DjAbr+L1LezO1W13eZNZayZWDoCHVMxmFjI/turgIeZzH0tIAK3CLB3iYCgMxrVSOmLL/qqT3qg== |
| ARC-Authentication-Results | i=1; mx.microsoft.com 1; spf=pass (sender ip is 140.32.61.234) smtp.rcpttodomain=mit.edu smtp.mailfrom=cmf.nrl.navy.mil; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=cmf.nrl.navy.mil; dkim=pass (signature was verified) header.d=nrl.navy.mil; arc=none (0) |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=G+S4OTh9pX/cCxuCszlWOve69talQ1d79PzVy5a14pw=; b=Cn4mYJy2fa9Pww/xs5N0/okGkqYzN+83hV9qlKUV4Cb6CYWgFQOgU8v55CzmMYbVjX65R40xLkyDKeRtZ99w32g8tzCwVA2ryNht6JpnjuCavtE+yOH2x3UPwEE/58SHCJ4z3mNbFVDSuQBACRD8FV6FD1qAkh3zY0U0UtLDK+g= |
| Authentication-Results | spf=pass (sender IP is 140.32.61.234) smtp.mailfrom=cmf.nrl.navy.mil; dkim=pass (signature was verified) header.d=nrl.navy.mil;dmarc=pass action=none header.from=cmf.nrl.navy.mil; |
| Received-SPF | Pass (protection.outlook.com: domain of cmf.nrl.navy.mil designates 140.32.61.234 as permitted sender) receiver=protection.outlook.com; client-ip=140.32.61.234; helo=mf.dren.mil; pr=C |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=nrl.navy.mil; h=cc : content-type : date : from : in-reply-to : message-id : mime-version : references : subject : to; s=s2.dkim; bh=G+S4OTh9pX/cCxuCszlWOve69talQ1d79PzVy5a14pw=; b=Z0tsHeYQmp7Pl3ED/paZkkOSyAqc96EzcG83HMC+Tm3rXi7K44qXyN/h+pKxaizJOADd hfVX8z5GAy4h4+Lic8mG2djBczM6e2Tp1+lZHg3zsXznPNO0gQDCoS/UHck7HbrSVGMl mU+Jkdo+oP5k46VmTmRJMDypKcUukDzlcseEZ+yutoWd80BZ5z3Y9unexTQjiMIcS4C9 Eu0F+fryUjYzCnuOwEamcBTf1SDELomOLgehAhWsfvN4kBAOsUnQiUOtMJKCQqrdCqSH JrymhEievQzJ40XBChnwEdJzX4wzB/kngNEILat/7+g0d+9AkaLwDlgeebI3AqIXvLRE /A== |
| In-Reply-To | <PH0PR14MB5493540EBEEFAA44CE2FA876AAB12@PH0PR14MB5493.namprd14.prod.outlook.com> |
| X-Face | "Evs"_GpJ]],xS)b$T2#V&{KfP_i2`TlPrY$Iv9+TQ!6+`~+l)#7I)0xr1>4hfd{#0B4 WIn3jU;bql;{2Uq%zw5bF4?%F&&j8@KaT?#vBGk}u07<+6/`.F-3_GA@6Bq5gN9\+s;_d gD\SW #]iN_U0 KUmOR.P<|um5yP<ea#^"SJK;C*}fMI;Mv(aiO2z~9n.w?@\>kEpSD@*e` |
| X-NRLCMF-Spam-Score | () hits=0 User Authenticated |
| X-NRLCMF-Virus-Scanned | |
| X-EOPAttributedMessage | 0 |
| X-EOPTenantAttributedMessage | 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0 |
| X-MS-PublicTrafficType | |
| X-MS-TrafficTypeDiagnostic | DS1PEPF00017098:EE_|BL3PR01MB7059:EE_ |
| X-MS-Office365-Filtering-Correlation-Id | f2bf6d20-569b-472f-ab99-08dcb1a0bfd5 |
| X-LD-Processed | 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr |
| X-MS-Exchange-AtpMessageProperties | SA |
| X-MS-Exchange-SenderADCheck | 0 |
| X-MS-Exchange-AntiSpam-Relay | 0 |
| X-Microsoft-Antispam | BCL:0;ARA:13230040|376014|61400799027|48200799018; |
| X-Microsoft-Antispam-Message-Info | Uyjy0NHltRtX6q/8YpEFjyLTnUti+fLPtsppyM8avvSJzBhb/ERWDNtMY1vxHOQkxTESfcnnghTawBLkWx7Ufs4TpgSWAA0DJNw4NHHG5PUB+VC1RdlbLeFgNwbIaAUDTnvkmZTAzHxjbQ0tOJvj6AiZEHG3m3j+8Hp/Zu7YBrjD2s0ej+O5M92cLdZl7w03/H2DfnH0ijcS1k9IXf+G6C8FjtsGBumtSAQBYCmTf1HfuQ3DIWDRSwhc52XGbb22WdjEwPfWM5BXxu7AN2morMiN1tfDMJAtwj5laqDz5KM8yg5s6+3nL4lo3dqBJga6ZpvdvuckuOgiLyqQFq8AMUBpJNNqh29OhNfNu6oGIUHq0GKdemAlMqXgXr5AFJm4R1uQ9sUFOLi0JXxbNINCpBnfLLSQJu+59fk/dbHIuUboRtsCdxGNXTnrbwIFIwHEIsEa/jsPk1+P+HsHmjhznQ0ZreezcQiDHHiGG2Vg6O+vX56jXAQxTXlIGLOr/78oqUyNj16+O+x2mZQg9c/NQDLrcLdF2YRFx2eYf2CSNCx0dNlnYv7Gk8tFPT3OD217Xv3h/dkehJFm+IbA9qQhsFqT/iFjswk4LE35n3WkhD5Ntssf8nlPypyR7CXYWOBAsN0LQxMY+8VkFgh6cc9zNo/F3QU4iD57VV76RHhBKlxmqM9gSw1XgeuWNGujC4jyZTADqIxV5mygGxp2Bum6/9RsuZREYZUYxyLrrIq9n+7lYt7FRg44Dm4lHQ+lNToyiw8ndxLkSs2PK4Mdmry87iJDMk6q8TBXVVClSAn+UvIdMyd4+AFxw1/3/hNrbBXys3oVd4tHG51GipbmKJ3Z39/d2vhVT5MEzhOVxnBseMi/aNIL4KnJnAUIuRlNIOi89pYgPCnjgAd8dzRnirCpaOJ1R9ja7txxIo5vIYdSuRoZUMeXXuOOeM2Y+0LB2NQ9LdTbgPnyi2yK+IvahDNsOY/tODf32KyYRYtuVM6a9ADS7frpijmZznN6oYCkWrWbxj76JJhKqy+VZfhpD8NDm8U1yFq8WCyxDI4/aDXrccIODEIP6o7k5X8aQ8vzb+wXP52//85UdQRsrABs+jao4MELyR1uDDC/uMAks9H3HS5NzNQxOsbthnVWdiHrtBvRAkXgV+8W0y7gM/6Z6l2OxDnvmjEQOzGzZE63TigsKovfOJ0ek0gH1r89obqlNS8BEPmGCOlBYnczaO9Z93wN+yRiQizKcy+LA58Li1TomaFd1dILugvvz9aADiYm+vI8iZHMMcmt9+3yr76HB8IFI05fZt/PRmXVXigytGLTLUW7whv/kmT+E8d5jtoByZ8fw8540VPn2ge2x1eWb4fkHiWzkE/3WXLY7hIM0SE1vLlX2Z4EHVbwj9XSZKGQoRjDJx1TWTMJryASKWZpJZhU4j6XRplyBex29pFkrE5pnVM= |
| X-Forefront-Antispam-Report | CIP:140.32.61.234; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mf.dren.mil; PTR:mfw.dren.mil; CAT:NONE; SFS:(13230040)(376014)(61400799027)(48200799018); DIR:OUT; SFP:1102; |
| X-ExternalRecipientOutboundConnectors | 64afd9ba-0ecf-4acf-bc36-935f6235ba8b |
| X-Auto-Response-Suppress | DR, OOF, AutoReply |
| X-OriginatorOrg | mitprod.onmicrosoft.com |
| X-MS-Exchange-CrossTenant-OriginalArrivalTime | 31 Jul 2024 20:38:34.8602 (UTC) |
| X-MS-Exchange-CrossTenant-Network-Message-Id | f2bf6d20-569b-472f-ab99-08dcb1a0bfd5 |
| X-MS-Exchange-CrossTenant-Id | 64afd9ba-0ecf-4acf-bc36-935f6235ba8b |
| X-MS-Exchange-CrossTenant-AuthSource | DS1PEPF00017098.namprd05.prod.outlook.com |
| X-MS-Exchange-CrossTenant-AuthAs | Anonymous |
| X-MS-Exchange-CrossTenant-FromEntityHeader | Internet |
| X-MS-Exchange-Transport-CrossTenantHeadersStamped | BL3PR01MB7059 |
| X-BeenThere | kerberos@mit.edu |
| X-Mailman-Version | 2.1.34 |
| Precedence | list |
| List-Id | The Kerberos Authentication System Mailing List <kerberos.mit.edu> |
| List-Unsubscribe | <https://mailman.mit.edu/mailman/options/kerberos>, <mailto:kerberos-request@mit.edu?subject=unsubscribe> |
| List-Archive | <http://mailman.mit.edu/pipermail/kerberos/> |
| List-Post | <mailto:kerberos@mit.edu> |
| List-Help | <mailto:kerberos-request@mit.edu?subject=help> |
| List-Subscribe | <https://mailman.mit.edu/mailman/listinfo/kerberos>, <mailto:kerberos-request@mit.edu?subject=subscribe> |
| X-Mailman-Original-Message-ID | <202407312038.46VKcXkl031026@hedwig.cmf.nrl.navy.mil> |
| X-Mailman-Original-References | <PH0PR14MB5493673E648D14F5CEE0B7DFAAB12@PH0PR14MB5493.namprd14.prod.outlook.com> <202407311944.46VJi3YK030487@hedwig.cmf.nrl.navy.mil> <PH0PR14MB5493540EBEEFAA44CE2FA876AAB12@PH0PR14MB5493.namprd14.prod.outlook.com> |
| Xref | csiph.com comp.protocols.kerberos:5345 |
Show key headers only | View raw
>One surprise in doing all of this is that there seems to be no standard >utility to let us see the auth indicator for the user's credentials. I'm >probably doing to use one of the test programs (adata). It seems to be >complicated by having the auth indicator in the encrypted part of the >ticket. If you are using the GSSAPI to authenticate, there's a way (it's kind of complicated and weird, like the rest of the GSSAPI). There's not a native way to do that with the Kerberos API; on my list is to submit a patch to MIT to expose the necessary API (there's a lot of things on that list, so don't wait for me). However, if you're interested in looking at authentication indicators in TGTs, I'm not sure there's a way to verify the AD-CAMMAC container in a TGT; you'd need to look at a service ticket (which I suppose you would already have if you were verifying a Kerberos password). --Ken
Back to comp.protocols.kerberos | Previous | Next | Find similar
Re: one time password integration Ken Hornstein <kenh@cmf.nrl.navy.mil> - 2024-07-31 16:38 -0400
csiph-web