[38488] in Kerberos

home help back first fref pref prev next nref lref last post

Re: windows kerberos update?

daemon@ATHENA.MIT.EDU (Charles Hedrick)
Wed Feb 20 16:34:49 2019

From: Charles Hedrick <hedrick@rutgers.edu>
To: Greg Hudson <ghudson@mit.edu>
Date: Wed, 20 Feb 2019 21:33:46 +0000
Message-ID: <ABB1CE4B-5A9C-484E-89AF-8CA911F47EB5@rutgers.edu>
In-Reply-To: <5772c917-7bf3-0c98-cae2-0db13b251951@mit.edu>
Content-Language: en-US
Content-ID: <211355577728924D8781B61B9F9977E2@namprd14.prod.outlook.com>
MIME-Version: 1.0
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit

I just verified that OTP does work. Thanks.

> On Jan 16, 2019, at 12:01 PM, Greg Hudson <ghudson@mit.edu> wrote:
> On 1/16/19 11:23 AM, Charles Hedrick wrote:
>> We’re starting to use Windows Kerberos, with a 3rd party login screen that calls Kerberos. Some of our staff use FreeOTP 2FA. As far as I can tell, the most recent KfW doesn’t support 2FA or the https: proxy.
> KfW 4.1 is based on krb5 1.13, which includes the OTP client code, so I
> think that's only half correct.
>> Are there plans for a new release that would do so?
> I was planning to do a Windows release based on the 1.17 branch (for
> SPAKE support, if nothing else), but I don't have a specific time-table.
> HTTPS proxy support is not currently part of the Windows build, because
> of the OpenSSL dependency.  I can make an attempt to bring that in when
> I make time to do work on the Windows port.  (Bringing in an OpenSSL
> dependency would also make it possible to enable PKINIT support, though
> that might also require some work on the PKINIT code.)
> It is now possible to build the Windows installer from source using the
> community (no-cost) version of the MS compiler.  See src/windows/README
> in the source tree for details.

Kerberos mailing list           Kerberos@mit.edu

home help back first fref pref prev next nref lref last post