EAP-TTLS-PAP using LDAP for authorization and PAM for authentication
Erik Karlsson
pilo at ayeon.org
Sun Sep 28 18:48:58 CEST 2008
Alan DeKok wrote:
> Why not also get the passwords from ldap? Why use PAM at all?
>
Because LDAP isn't a very good solution for handling passwords, IMO. I
prefer Kerberos in its simplicity.
> If you want to use PAM, you have to force it via Auth-Type.
>
Thank you, the problem for me is that I don't know where to squeeze it
in. :)
> Because TTLS involves *two* authentication sessions. An outer one for
> EAP-TTLS, and an inner "tunneled" session where the real user-name &&
> password is sent.
>
I am starting to understand that now.
> Follow my web site (deployingradius.com) to get EAP-TTLS working.
> Once that's working, add LDAP authorization. Then, add PAM to the
> *inner* tunnel section.
>
I will.
Thank you!
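Added example, not part of the original messages or of the FreeRADIUS project's shipped configuration: a sketch of the inner-tunnel arrangement Alan describes, with LDAP used for authorization only and Auth-Type forced to PAM. It assumes a FreeRADIUS 2.x layout (sites-available/inner-tunnel, with the EAP module's ttls section pointing at it via virtual_server) and module instances named `ldap` and `pam`.

```conf
# sites-available/inner-tunnel  (assumed FreeRADIUS 2.x layout)
# This virtual server handles the *inner* tunneled session of EAP-TTLS,
# where the real User-Name and the PAP User-Password are visible.
server inner-tunnel {

    authorize {
        # LDAP is used only to look up the user and any
        # authorization attributes; no password is read from it.
        ldap

        # Force the authentication method. Without this the server
        # would choose an Auth-Type itself from whatever the
        # authorize modules returned.
        update control {
            Auth-Type := PAM
        }
    }

    authenticate {
        # Reached only for the inner PAP request. PAM needs the
        # clear-text User-Password, which TTLS-PAP supplies inside
        # the TLS tunnel.
        Auth-Type PAM {
            pam
        }
    }
}
```

The outer virtual server keeps only `eap` for the TTLS session itself. Because the inner password is clear-text PAP, its confidentiality rests entirely on the TLS tunnel, so clients must be configured to validate the server certificate.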