Check out FreeIPA (or Red Hat IdM if you like paying for things.). It’s Kerberos... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		mmh0000 on Dec 25, 2023 \| parent \| context \| favorite \| on: Non-interactive SSH password authentication Check out FreeIPA (or Red Hat IdM if you like paying for things.). It’s Kerberos and a few other utilities in a very easy to setup package. It also support OTP MFA https://www.freeipa.org/ https://www.freeipa.org/page/V4/OTP

gnufx on Dec 25, 2023 [–]

MIT Kerberos supports preauth with OTP, or PKINIT (X.509 certifies); I don't know what Heimdal currently has. FreeIPA has been doing good work past that, on integrating FIDO, for instance, and can issue tickets on the basis of external identity providers. It certainly does more -- like a souped-up AD.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact