Hi, @Alan Yes, I meant Kerberos over EAP. Arran> I think EAP-Kerberos would be useful to bootstrap kerberos SSO during network login. Arran> I've been waiting for someone to come up with standard for this for 10 years You may want to have a look at the following references, sent to me by Rafael Marín López of Uni Madrid in Spain: 1. - Rafael Marín López, Fernando Pereñiguez-Garcia, Yoshihiro Ohba, Fernando Bernal-Hidalgo, Antonio F. Gómez-Skarmeta: A Kerberized Architecture for Fast Re-authentication in Heterogeneous Wireless Networks 2. - EAP-Kerberos: Leveraging the Kerberos Credential Caching Mechanism for Faster Re-authentications in Wireless Access Networks Saber Zrelli, Nobuo Okabe, Yoichi Shinoda https://tools.ietf.org/html/draft-marin-eap-frm-fastreauth-03 https://tools.ietf.org/html/draft-zrelli-eap-frap-04 I still need to read up on these to see if what I'm proposing is really new. But it is really helpful to have seen your acknowledgement that I'm on to something useful. Thanks! -Rick
participants (1)
-
Rick van Rein