I am trying to setup windows server for FAST encrypted channel support to test OTP pre authentication in kerberos.
I have already tested on linux machine by deploying KDC using krb5-1.12.1 source code, freeradius server and using keytab of service principal to receive armor ccache to be used to establish FAST encrypted channel between client and KDC. I have setup windows server 2012 for kerberos, and added support for "KDC support for claims, compound authentication and Kerberos armoring" policy on it. I can receive TGT for service principal. But, when I execute the command "kinit -T <armor-cache> <principal>", KDC does not reply with any padata and no FAST encrypted channel is established (observed through wireshark log and Kerberos library logs). Is it possible to establish a FAST encrypted channel between linux client and Windows AD? Have I missed any setting? ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
