how to allow only one authentication ?
Riccardo.Veraldi
Riccardo.Veraldi at fi.infn.it
Thu Jan 12 16:34:21 CET 2006
Hello,
I could succesfully use EAP-TTLS with kerberos authentication.
my problem now is that in this way also users who have a certificate can
authenticate.
I would like only users with kerberos credentials to being able to
authenticate
in my users file I have
DEFAULT Auth-Type = Kerberos
in this way any EAP-TLS with a valid certificate can authenticate
while I do not want people to use the certificate, because the only
method I wish to allow is login/password on kerberos server.
There is a way to do it ? To allow ONLY kerberos via EAP-TTLS ?
I Tryed with a Auth-Type := Reject but with no luck..
So what I did is this.
I wrote this users file:
"user1" Auth-Type = Kerberos
DEFAULT Auth-Type := Reject
in this case the user called user1 can authenticate with Kerberos credential
and he cannot authenticate if it has a certificate, this as I Wantet
but THIS WORKS only for user1
I want to do it for all users in the Kerberos database, and I do not like
to write all the usernames in the users file.
If I use
DEFAULT
instead of "user1" in the line above it does not work ...
Please maybe there is a hint which could help me ?
thanks
Rick
More information about the Freeradius-Users
mailing list