Freeradius & kerberos preauth

Alan DeKok aland at
Fri Jul 1 18:37:31 CEST 2005

"Roy D. Hockett" <royboy at> wrote:
> In kerberos v5 you can require what is referred to as preauth, and
> this means that the KDC doesn return a TGT until the client has
> authenticated.  So I am asking if anyone have freeradius with the
> kerberos module working with a Kerberos KDC that requires
> preauthentication.

  Hmm... I'm not sure the interaction of RADIUS & Kerberos allows for
that.  So far as the FreeRADIUS server is concerned, kerberos is just
another "database", that returns OK/Fail for user/password
authentication.  The user doesn't even know that FreeRADIUS is doing

  I thnk the answer to your question is "No".  The user isn't doing
kerberos, so any "pre-auth" or TGT stuff just won't work.

  Alan DeKok.

More information about the Freeradius-Users mailing list