You could issue a machine-specific key table, and then use a script that does kinit from the key table, then kinit -T pointing to the resulting credentials cache. I have verified the KfW kinit -T works.
We use OTP on Linux. I can’t get FAST/PKINIT to work there either. I have a kerberized service (using the machine’s key table) that will generate a credentials cache on a server and return it. That’s used to bootstrap kinit -T. Surely there was a better approach than getting X509 involved in kerberos. I look forward to any alternatives. My problem with KfW is more serious: I can’t get putty to see the tickets. That makes it of no real use to me. I’m going to try installing Ubuntu on Windows. > On Oct 30, 2017, at 5:25 AM, Oleksandr Yermolenko <a...@sumix.com> wrote: > > Hi all, > > I'm trying to configure a Windows 7 workstation to do OTP preauth. > > I've installed MIT Kerberos for Windows 4.1, put krb5.ini as for linux > and ... of course obtain the error "Generic preauthentication > failure". FAST/PKINIT anonymous unsupported ... > > any ideas how to implement OTP for Windows with MIT kerberos client? > possible? > > thanks a lot for your help > > Oleksandr Yermolenko > > I can use without any problem on the systems Debian/CentOS based > according to [1] and [2] > > [1] > https://na01.safelinks.protection.outlook.com/?url=https:%2F%2Fwww.eyrie.org%2F~eagle%2Fsoftware%2Fpam-krb5%2Fpam-krb5.html&data=02%7C01%7Chedrick%40rutgers.edu%7C9d7e7243d2584751e24f08d51f789b14%7Cb92d2b234d35447093ff69aca6632ffe%7C1%7C0%7C636449525221981239&sdata=YBF9PR3Pb9Hp7E2JewIVBH7%2B2OKCVWmrUpShS5jVgrI%3D&reserved=0 > [2] > https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmailman.mit.edu%2Fpipermail%2Fkerberos%2F2017-July%2F021747.html&data=02%7C01%7Chedrick%40rutgers.edu%7C9d7e7243d2584751e24f08d51f789b14%7Cb92d2b234d35447093ff69aca6632ffe%7C1%7C0%7C636449525221981239&sdata=%2BW5z617hkF39IGa29zFBAJj7JJWKGFnBQG891F7ZNb0%3D&reserved=0 > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmailman.mit.edu%2Fmailman%2Flistinfo%2Fkerberos&data=02%7C01%7Chedrick%40rutgers.edu%7C9d7e7243d2584751e24f08d51f789b14%7Cb92d2b234d35447093ff69aca6632ffe%7C1%7C0%7C636449525221981239&sdata=U%2BlGLzBr0hX5ZZisc%2Frb2CK%2FRxs34kj%2BBdo0gbJZxUk%3D&reserved=0 ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
