8 May
2009
8 May
'09
4:11 p.m.
Arran Cudbard-Bell wrote:
If you use SecureW2, you can configure Windows to do TTLS+PAP. That will supply a clear-text password in the inner tunnel, which will allow kerberos to work.
Really? I would have thought the exchange would be far more complex than just PAP? Surely you can't bootstrap Kerberos like that.
You can't. But you can use a KDC as an authentication oracle. RADIUS: Is this PAP password OK? KDC: yes/no. RADIUS: thanks...
Has anyone actually got EAP-Kerberos or some other equivalent scheme working with windows ?
Ugh. No. Alan DeKok.