windows kerberos update?

[Charles Hedrick]

I just verified that OTP does work. Thanks.

> On Jan 16, 2019, at 12:01 PM, Greg Hudson <ghudson at mit.edu> wrote:
> 
> On 1/16/19 11:23 AM, Charles Hedrick wrote:
>> We’re starting to use Windows Kerberos, with a 3rd party login screen that calls Kerberos. Some of our staff use FreeOTP 2FA. As far as I can tell, the most recent KfW doesn’t support 2FA or the https: proxy.
> 
> KfW 4.1 is based on krb5 1.13, which includes the OTP client code, so I
> think that's only half correct.
> 
>> Are there plans for a new release that would do so?
> 
> I was planning to do a Windows release based on the 1.17 branch (for
> SPAKE support, if nothing else), but I don't have a specific time-table.
> 
> HTTPS proxy support is not currently part of the Windows build, because
> of the OpenSSL dependency.  I can make an attempt to bring that in when
> I make time to do work on the Windows port.  (Bringing in an OpenSSL
> dependency would also make it possible to enable PKINIT support, though
> that might also require some work on the PKINIT code.)
> 
> It is now possible to build the Windows installer from source using the
> community (no-cost) version of the MS compiler.  See src/windows/README
> in the source tree for details.