On Fri, Nov 28, 2014 at 12:29 AM, Rick van Rein <r...@openfortress.nl>
wrote:

> Here is a detailed discussion of how to configure FreeRADIUS to use
> Kerberos with 802.1x authentication:
>
> http://freeradius.1045715.n5.nabble.com/802-1x-amp-kerberos-td2765708.html
>

That discussion is how to set up a PAP request inside an EAP-TTLS tunnel,
which is then backended by Kerberos.  IOW, the client has to send the
password.  This is rather server-specific (how to configure different
authentication databases) and not really a "Kerberos" authentication.

I didn't read the document, but from the name of it the EAP-GSS method I
noted earlier would be a true Kerberos authentication -- the client has to
pass on a Kerberos token, not a password.  It sounded like that's what you
were going after.  I wouldn't be surprised if this isn't well
implemented/supported/documented.  It would require the KDC to be out in
the open (to get the ticket used for the VPN auth) and most folks aren't
going to do that.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
