FIDO U2F Support

Greg Hudson ghudson at
Wed Dec 16 14:42:53 EST 2015

On 12/16/2015 01:32 PM, Martin Gegenleitner wrote:

> Since the wiki-page was updated on 2015-03-17, I wanted to know if there
> is any progress in this project

There has been substantial progress.  See:

To summarize:

* We have a draft which hasn't been adopted by the kitten working group
yet (we need to make a few more changes, resubmit it, and then put it in
the queue for adoption).

* I have an in-progress implementation, using placeholder values, which
does the SPAKE exchange using OpenSSL's P-256 curve implementation.

* The next step is to add pluggable interfaces on the KDC and client
side for second factors.  This part is difficult.

Despite the lack of second-factor pluggable interfaces, you could
probably implement a proof of concept using the existing code, without
worrying about making it a proper plug-in module.

More information about the krbdev mailing list