how to allow only one authentication ?
Riccardo.Veraldi
Riccardo.Veraldi at fi.infn.it
Fri Jan 20 17:38:16 CET 2006
Hello.
Sorry to disturb you.
I disabled all authentication modules in the authenticate section; I left
only:
    # kerberos
    Auth-Type Kerberos {
        krb5
    }
    eap
In the authorize section of radiusd.conf I disabled everything and
left only eap and files.
In this way Kerberos authentication + ldap authorization works.
I want ONLY this method to work, but EAP-TLS with certificates also works,
while I want to disable it for users.
If I remove eap from the authorization section, I prevent certificate
authentication from working, but Kerberos authentication will not work either.
In my users file I have the string
DEFAULT Auth-Type = Kerberos
How can I solve this problem?
I tried in all possible ways; I cannot disable EAP-TLS with certificates
if I want EAP-TTLS to work with kerberos and ldap.
Might you help me?
thanks
Rick
Alan DeKok wrote:
>"Riccardo.Veraldi" <Riccardo.Veraldi at fi.infn.it> wrote:
>
>>I would like only users with kerberos credentials to be able to
>>authenticate
>
> Then delete everything from the "authenticate" section, except for
>"eap" and "krb5". Also, ensure that nothing in the "authorize"
>section obtains a clear-text password for the user from a database.
>
> That guarantees:
>
> a) no password by which to authenticate someone
> b) therefore they must use kerberos
> c) they can't use anything other than kerberos
>
> Everyone else will have no way to get authenticated, and will be
>rejected.
>
> Alan DeKok.
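The two conditions in the quoted advice (only "eap" and "krb5" in "authenticate", nothing in "authorize" that can supply a stored password) can be checked mechanically. The script below is an added example, not part of the original thread or of FreeRADIUS; the set of authorize modules treated as possible password sources and the sample configuration are assumptions constructed for illustration.

```python
ALLOWED_AUTH = {"eap", "krb5"}  # the only modules the quoted advice leaves in "authenticate"
# Assumption: authorize modules that can hand the server a stored password; adjust per site.
PASSWORD_SOURCES = {"files", "sql", "ldap"}

def modules_by_section(conf):
    """Map each top-level section to the first word of every statement inside it.

    Assumes one statement per line and an opening brace at the end of its line.
    Nested blocks such as 'Auth-Type Kerberos { ... }' count toward their parent.
    """
    found, stack = {}, []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}":
            if not stack:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif stack:
            found.setdefault(stack[0], []).append(line.split()[0])
    return found

def audit(conf):
    """Report authenticate modules outside the allow-list and authorize modules to review."""
    found = modules_by_section(conf)
    return {
        "unexpected_authenticate": sorted(set(found.get("authenticate", [])) - ALLOWED_AUTH),
        "review_authorize": sorted(set(found.get("authorize", [])) & PASSWORD_SOURCES),
    }

# Constructed sample modelled on the configuration described in the post.
SAMPLE = """
authorize {
    eap
    files
}
authenticate {
    # kerberos
    Auth-Type Kerberos {
        krb5
    }
    eap
    # pap
}
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A module listed under "review_authorize" is not necessarily a problem: it means the module's own data (for "files", the users file) should be checked for password entries.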