Building the PKINIT plugin on Windows

Benjamin Kaduk kaduk at
Fri Oct 9 16:04:44 EDT 2020

On Fri, Oct 09, 2020 at 11:39:31AM -0400, Ken Hornstein wrote:
> >When I last looked into this, the OpenSSL dependency seemed to be the
> >trickiest part.  I didn't have any luck finding examples on github that
> >didn't check OpenSSL binaries into the repository.  So insight from
> >Windows developers on this point would be the most useful from my
> >perspective.  That would also pave the way for k5tls (for MS-KKDCP
> >support) and, less importantly, SPAKE support for the NIST curves.
> I guess I'm wondering exactly what kind of infrastructure you want
> in the Windows build process; do you want to have it build OpenSSL
> as well, or simply point to already-built OpenSSL libraries?  It looks
> like all our Windows build system does is run "perl Configure VC-WIN64A"
> and then just uses nmake (there may be more steps involved, I'm not
> an expert on the Windows build process we use, but those look like the
> key ones).

I believe that's all there is to the build process (you can, of course,
specify other arguments/options to Configure if desired); the trick is in
making sure that the dependencies and environment are in place.  The two
typical stubmling blocks are getting a functional perl available in the
PATH, and making sure to find the right Visual Studio Developer Tools
Command Prompt (or whatever it's called on your version of visual studio).


More information about the krbdev mailing list