Active Directory and FreeRadius

Zawacki Jason D Ctr AFRL/IFOS Jason.Zawacki.ctr at
Thu Jul 14 17:59:19 CEST 2005

I'd recommend skipping PAM and using MIT's kerberized telnet.  I don't
believe PAM supports single signon, whereas you can have single sign-on with
kerberized telnet. 

> -----Original Message-----
> From: freeradius-users-bounces at 
> [mailto:freeradius-users-bounces at] On 
> Behalf Of Alan DeKok
> Sent: Thursday, July 14, 2005 11:39 AM
> To: FreeRadius users mailing list
> Subject: Re: Active Directory and FreeRadius 
> "Talwar, Puneet (NIH/NIAID)" <PTALWAR at> wrote:
> > Well I can use pam_krb5, but what I am trying to accomplish 
> here is that I
> > have quite a few Linux workstation on my network and I 
> thought if I can
> > setup those Linux workstation to point to the radius server 
> where they login
> > using there Active Directory credentials.
>   You said that already.
>   What you may not know is that AD implements Kerberos.  You can use
> pam_krb5 on the Linux boxes to do *exactly* the same thing, but
> without using RADIUS at all.
>   Alan DeKok.
> - 
> List info/subscribe/unsubscribe? See 

More information about the Freeradius-Users mailing list