28 Sep
2008
28 Sep
'08
12:48 p.m.
Alan DeKok wrote:
Why not also get the passwords from ldap? Why use PAM at all?
Because LDAP isn't a very good solution for handling passwords, IMO. I prefer Kerberos in its simplicity.
If you want to use PAM, you have to force it via Auth-Type.
Thank you, the problem for me is that I don't know where to squeeze it in. :)
Because TTLS involves *two* authentication sessions. An outer one for EAP-TTLS, and an inner "tunneled" session where the real user-name && password is sent.
I am starting to understand that now.
Follow my web site (deployingradius.com) to get EAP-TTLS working. Once that's working, add LDAP authorization. Then, add PAM to the *inner* tunnel section.
I will. Thank you!