WPA Enterprise, 802.1X, Freeradius, EAP & Kerberos
Alan DeKok
aland at deployingradius.com
Fri May 8 22:11:23 CEST 2009
Arran Cudbard-Bell wrote:
>> If you use SecureW2, you can configure Windows to do TTLS+PAP. That
>> will supply a clear-text password in the inner tunnel, which will allow
>> kerberos to work.
>
> Really? I would have thought the exchange would be far more complex than
> just PAP? Surely you can't bootstrap Kerberos like that.
You can't. But you can use a KDC as an authentication oracle.
RADIUS: Is this PAP password OK?
KDC: yes/no.
RADIUS: thanks...
> Has anyone actually got EAP-Kerberos or some other equivalent scheme
> working with windows ?
Ugh. No.
Alan DeKok.
More information about the Freeradius-Users
mailing list