PAM authentication with Eduroam
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Mon Jun 29 17:30:41 CEST 2015
Hi,
> Instead, you should investigate the "abfab" IETF WG technologies:
>
> https://tools.ietf.org/wg/abfab/
>
> In brief, this is an EAP-over-GSSAPI mechanism which is then passed
> off to the Eduroam proxy hierarchy; you can then use GSSAPI-for-SSH
> patches to login over SSH using Eduroam.
its not passed over the eduroam proxy heirarchy. its based on using trust-routers
for the server-server introductions....
but yes, this is whats needed - and what moonshot offers already. its not just some old
pages and half completed wiki - it forms the basis of eg the Assent service from Jisc
http://www.jisc.ac.uk/assent
and was created BECAUSE it cannot be done via basic RADIUS calls to proper backends
(eg challenge response methods or use of TLS certs).
moonshot uses FreeRADIUS by the way.
.....and yes, no OSX support is very much a big problem for many of us right now
alan
More information about the Freeradius-Users
mailing list