Auth-Type krb5 not recognized by v2.1.12

Matthew Newton mcn4 at
Wed Mar 27 13:02:15 CET 2013

On Wed, Mar 27, 2013 at 04:09:09AM +0100, Jaap Winius wrote:
> Quoting Phil Mayers <p.mayers at>:
> >... you should be using 2.2.0 or 2.2.1 when it's release, as the
> >2.1.10/11/12 releasea have a known security issue.
> I'll be sure to install 2.2.x as soon as a Debian package becomes
> available for it, but for now I'm going to stick with 2.1.x.

For what it's worth, rolling your own FreeRADIUS packages for
Debian is trivial.

> After upgrading to 2.1.12, what kills my setup is that Freeradius
> will no longer start up if I leave 'DEFAULT Auth-Type = krb5'
> enabled in the users file.

That's interesting, but without a copy of the debug output from
radiusd -X, nobody will know where to start.

You could also put the following in your inner-tunnel, rather than
the line in your users file, which is probably the tidier way:

update control {
  Auth-Type := krb5

but both should work. We need full debug output.

> But if I disable it, I get exactly the same failure output as I
> do from 2.1.10 when I disable that line in the users file.

Understandable; that's not the issue here.



Matthew Newton, Ph.D. <mcn4 at>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Users mailing list