Grouping after Kerberos 5 authentication accepted?

Jason Chan jchan2 at utm.utoronto.ca
Wed Apr 18 21:40:25 CEST 2007


Hello,

Is it possible for FreeRadius to perform grouping after Kerberos
authentication accepted?

My company has many switches and servers and we use kerberos 5 for
RADIUS authentication. Once the user is authenticated, RADIUS will check
and decide if this user can access the switches or particular servers
(i.e. Allow telnet to the switch if the user belongs to the 'switch
administrator' group).

I've looked in the huntgroup file but it seems to require a lot of works
for a very large company (5000+ users), and the problem is we can't
touch the Kerberos server.

Any help would be appreciated. Thank you


Regards,
Jason 




More information about the Freeradius-Users mailing list