On 12/11/2009 12:14 PM, John Mok wrote:
Hi Phil,
Thank you for your prompt reply.
I googled about the subject and found the following message :-
http://lists.cistron.nl/pipermail/freeradius-devel/2006-January/009250.html
Can any one tell me about what the module rlm_krb5 does? Does the module proxy the kerberos authentication to the KDC on behalf of the WLAN users, and grant access to the wired network upon successful authentication?
Yes, it is functionally equivalent to taking the password supplied in the radius access request message and invoking kinit with it and testing to see if it succeeds. Please note, I said "functionally equivalent" it does not invoke kinit rather it uses the krb5 libraries to try and obtain a TGT on behalf of of the user, it also validates the KDC. -- John Dennis <jdennis@redhat.com> Looking to carve out IT costs? www.redhat.com/carveoutcosts/