I-D for a new method: EAP-Kerberos
Rick van Rein
rick at openfortress.nl
Tue Apr 5 10:44:02 CEST 2016
Hi,
@Alan Yes, I meant Kerberos over EAP.
Arran> I think EAP-Kerberos would be useful to bootstrap kerberos SSO
during network login.
Arran> I've been waiting for someone to come up with standard for this
for 10 years
You may want to have a look at the following references, sent to me by
Rafael Marín López of Uni Madrid in Spain:
1. - Rafael Marín López, Fernando Pereñiguez-Garcia, Yoshihiro Ohba, Fernando Bernal-Hidalgo, Antonio F. Gómez-Skarmeta:
A Kerberized Architecture for Fast Re-authentication in Heterogeneous Wireless Networks
2. - EAP-Kerberos: Leveraging the Kerberos Credential Caching Mechanism for Faster Re-authentications in Wireless Access Networks
Saber Zrelli, Nobuo Okabe, Yoichi Shinoda
https://tools.ietf.org/html/draft-marin-eap-frm-fastreauth-03
https://tools.ietf.org/html/draft-zrelli-eap-frap-04
I still need to read up on these to see if what I'm proposing is really new. But it is really helpful to have seen your acknowledgement that I'm on to something useful. Thanks!
-Rick
More information about the Freeradius-Users
mailing list