Freeradius & kerberos preauth
Alan DeKok
aland at ox.org
Fri Jul 1 18:37:31 CEST 2005
"Roy D. Hockett" <royboy at umich.edu> wrote:
> In kerberos v5 you can require what is referred to as preauth, and
> this means that the KDC doesn return a TGT until the client has
> authenticated. So I am asking if anyone have freeradius with the
> kerberos module working with a Kerberos KDC that requires
> preauthentication.
Hmm... I'm not sure the interaction of RADIUS & Kerberos allows for
that. So far as the FreeRADIUS server is concerned, kerberos is just
another "database", that returns OK/Fail for user/password
authentication. The user doesn't even know that FreeRADIUS is doing
kerberos.
I thnk the answer to your question is "No". The user isn't doing
kerberos, so any "pre-auth" or TGT stuff just won't work.
Alan DeKok.
More information about the Freeradius-Users
mailing list