Alan, Thank you for your quick and kind response. On May 8, 2009, at 2:00 PM, Alan DeKok wrote:
Scott Sears wrote:
I cannot get all the pieces working together. Laptop->AP->Freeradius->Kerberos.
It's impossible.
Here is the thread which made me think it was possible, and led me to this list. Apparently I've made a mistake, but perhaps you can explain the difference between my goal and the one described in the thread? http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg39522.h... On May 8, 2009, at 2:00 PM, Alan DeKok wrote:
Kerberos requires a clear-text password to authenticate (or various Kerberos crypto tokens derived from the password).
PEAP supplies an MS-CHAP hash, not a clear-text password.
I understand this. I believed that I could set up an encryption tunnel and then send the cleartext securely within tunnel to the KDC. All that being said, here is my last question: Is it *in any way* possible to securely authorize mobile supplicants through a wireless AP to a Freeradius server using a KDC for authentication? Perhaps its doable, but I'm just not on the right track. Thanks again for your time. Scott Sears