I’d like to avoid having to use a second cache to armor 2FA requests. My impression was
that SPAKE was supposed to fix this. I just installed a new kdc (replica of an old one) in
Centos 8. It understands SPAKE, offering it as preauthebtication for normal users. But a
user with 2FA is not offered SPAKE preach. I still have to use FAST.
Have I misunderstood, or is extra configuration needed?
Show replies by date