Configuring OTPOverRadius

Cornelius Kölbel cornelius.koelbel at
Mon Aug 5 11:26:02 EDT 2013


I tried to setup a KDC with OTPoverRadius in a lab environment following

I checked out the latest commit 7963a951f326c854d2faa5f26827407632c2b496
from August 1st from and compiled from source.

I used the same sources on the client machine, and configured a user
with pre-auth and static password, which works fine.
The otp preauth seemed to have compiled successfully:

Now I wanted to see the preauth against the RADIUS so I add this to my

        server =
        secret = geheim
        strip_realm = true

and added the user string:
kadmin.local:  get_strings cornelius
otp: [{}]

But when doing a kinit on the client machine, the KDC still sends a
ERR_PREAUTH_REQUIRED and the user can authenticate with the static
password. No RADIUS traffic.

What is the status of the OTP/Radius plugin?
Did I miss something?

Thanks a lot and kind regards

Cornelius Kölbel
(Head of Product Management)
LSE Leading Security Experts GmbH, Postfach 100121, 64201 Darmstadt
Tel: +49 6151 86086-252, Fax: -299, Mobil: +49 160 96307089
Unternehmenssitz: Weiterstadt, Amtsgericht Darmstadt: HRB8649
Geschaeftsfuehrer: Oliver Michel, Sven Walther, Dr. Peter Schill

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
Url :

More information about the krbdev mailing list