Authenticate to LDAP with GSSAPI

brendan kearney bpk678 at gmail.com
Sun Jun 14 19:13:00 CEST 2015


On Jun 14, 2015 12:31 PM, "Arran Cudbard-Bell" <a.cudbardb at freeradius.org>
wrote:
>
> Maybe, if other people want that, could they speak up now? Or are other
> people wanting the same type of authentication as the OP described?
>
Speaking up...

While I would like the ability to have radius authenticate to ldap via
kerberos ticketing / keytab / gssapi / sasl, my scenario would differ in
that I am only using ldap for AuthZ.  AuthN is handled by my kerberos
instances.

I see application of keytab usage also benefiting interactions with AD.

Maybe it's just me, but I see the use of a keytab as "more secure" or maybe
"less insecure" than having a password in a config file.  Granted, file
permissions and the use of a "throw away ID" are best practices for this
kind of setup, I still would favor the keytab use in addition to those
steps.


More information about the Freeradius-Users mailing list