HOWTO WLAN Access Point authenticate user via kerberos
John Dennis
jdennis at redhat.com
Sun Dec 13 18:01:49 CET 2009
On 12/11/2009 12:14 PM, John Mok wrote:
> Hi Phil,
>
> Thank you for your prompt reply.
>
> I googled about the subject and found the following message :-
>
> http://lists.cistron.nl/pipermail/freeradius-devel/2006-January/009250.html
>
> Can any one tell me about what the module rlm_krb5 does? Does the module
> proxy the kerberos authentication to the KDC on behalf of the WLAN
> users, and grant access to the wired network upon successful
> authentication?
Yes, it is functionally equivalent to taking the password supplied in
the radius access request message and invoking kinit with it and testing
to see if it succeeds. Please note, I said "functionally equivalent" it
does not invoke kinit rather it uses the krb5 libraries to try and
obtain a TGT on behalf of of the user, it also validates the KDC.
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeradius-Users
mailing list