On 1/16/19 11:23 AM, Charles Hedrick wrote: > We’re starting to use Windows Kerberos, with a 3rd party login screen that > calls Kerberos. Some of our staff use FreeOTP 2FA. As far as I can tell, the > most recent KfW doesn’t support 2FA or the https: proxy.
KfW 4.1 is based on krb5 1.13, which includes the OTP client code, so I think that's only half correct. > Are there plans for a new release that would do so? I was planning to do a Windows release based on the 1.17 branch (for SPAKE support, if nothing else), but I don't have a specific time-table. HTTPS proxy support is not currently part of the Windows build, because of the OpenSSL dependency. I can make an attempt to bring that in when I make time to do work on the Windows port. (Bringing in an OpenSSL dependency would also make it possible to enable PKINIT support, though that might also require some work on the PKINIT code.) It is now possible to build the Windows installer from source using the community (no-cost) version of the MS compiler. See src/windows/README in the source tree for details. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos