SASL AuthN to LDAP

Brian Candler b.candler at pobox.com
Wed Oct 19 13:01:40 CEST 2016


On 19/10/2016 11:57, Brian Candler wrote:
> As an aside, I wonder if someone can answer this question. Can 
> freeradius itself fetch and refresh its own kerberos tickets using a 
> keytab?

Argh. As soon as I posted, I realised the problem: the keytab was only 
readable by root.

I set a location and permissions to make it readable:

# ls -l /etc/radiusd.keytab

-rw-r----- 1 root freerad 386 Oct 19 10:59 /etc/radiusd.keytab

and now:

KRB5_CLIENT_KTNAME=/etc/radiusd.keytab freeradius -X

works just fine. Sorry about the noise.

Regards,

Brian.



More information about the Freeradius-Users mailing list