WPA Enterprise, 802.1X, Freeradius, EAP & Kerberos
Scott Sears
scott at myemma.com
Fri May 8 21:38:12 CEST 2009
Alan,
Thank you for your quick and kind response.
On May 8, 2009, at 2:00 PM, Alan DeKok wrote:
> Scott Sears wrote:
>> I cannot get all the pieces working together.
>> Laptop->AP->Freeradius->Kerberos.
>
> It's impossible.
Here is the thread which made me think it was possible, and led me to
this list. Apparently I've made a mistake, but perhaps you can
explain the difference between my goal and the one described in the
thread?
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg39522.html
On May 8, 2009, at 2:00 PM, Alan DeKok wrote:
> Kerberos requires a clear-text password to authenticate (or various
> Kerberos crypto tokens derived from the password).
>
> PEAP supplies an MS-CHAP hash, not a clear-text password.
I understand this. I believed that I could set up an encryption
tunnel and then send the cleartext securely within tunnel to the KDC.
All that being said, here is my last question:
Is it *in any way* possible to securely authorize mobile supplicants
through a wireless AP to a Freeradius server using a KDC for
authentication? Perhaps its doable, but I'm just not on the right
track.
Thanks again for your time.
Scott Sears
More information about the Freeradius-Users
mailing list