MIT Kerberos OTP with Windows

Greg Hudson ghudson at
Fri Nov 3 11:08:56 EDT 2017

On 11/02/2017 07:33 PM, Benjamin Kaduk wrote:
> Hmm, could you say a bit more about what version of KfW you're using and
> how you've tried to configure MS-KKDCP?  From the release notes, at least,
> it seems that KfW 4.1 should have this support available in some form.

The TLS part of MS-KKDCP (which is mandatory; there's no non-HTTPS proxy
mode) is implemented as an auto-loaded plugin module linked against
OpenSSL.  Although I believe we have working module loading support for
Windows, the Windows build doesn't compile any plugin modules and
doesn't link against OpenSSL.  So this feature unfortunately didn't make
it into KfW, for mostly the same reasons as PKINIT isn't supported.

More information about the Kerberos mailing list