Ah, that is true. I never though that deeply into it, and only did a POC. Is the downfall of doing things this way that passwords must be sent in the clear? On 10/21/10 1:59 AM, "Phil Mayers" <p.mayers@imperial.ac.uk> wrote:
On 10/20/2010 10:59 PM, Rowley, Mathew wrote:
I was able to configure FreeRadius/AD differently than most tutorials just using Kerberos as an authentication mechanism (sorry for any weird formatting, coming from a wiki):
(For the archives)
The reason it's different than most tutorials, to be clear, is that this config can only check PAP requests, so is not useful for the common case of PEAP/MS-CHAP for wireless/wired 802.1x.
Obviously if you use EAP-TTLS/PAP for 802.1x, or just PAP for some other service (as CLI login to switches/routers usually is) it'll work fine.
(People seem to get very confused about this topic, so it's worth noting ;o) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html