Hi Lucas,
I use a rather complex setup using MIT Kerberos, FreeRadius and OpenLDAP. Passwords are in LDAP. The KDC does not hold any user passwords and instead asks the Radius Server to verify passwords, which in turn goes through PAM and then to LDAP.

The setup requires your clients to support PKINIT/FAST, which I guess most clients do, but it requires additional setup. Also, you can do OTP using this setup - even switchable per user via LDAP.

If you have any questions regarding details, feel free to ask.

Regards
Simon

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
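
A sketch of the KDC side of such a delegation, using MIT Kerberos' OTP preauthentication to forward the typed credential to a RADIUS server; this is an added example, not Simon's configuration. The token type name `RADIUSPAM`, the host `radius.example.com`, the secret file name and the principal `alice@EXAMPLE.COM` are all assumptions.

```ini
# kdc.conf (fragment) - constructed example, not taken from the post.
# Defines an OTP "token type" whose verification is delegated to RADIUS.
# The KDC sends the value the user typed as the RADIUS User-Password;
# the RADIUS server (here assumed to be FreeRADIUS calling PAM, which
# binds to LDAP) decides accept/reject. The KDC stores no password.

[otp]
    RADIUSPAM = {
        # RADIUS server and port (hypothetical host name).
        server = radius.example.com:1812
        # File, relative to the KDC directory, holding the RADIUS
        # shared secret. Keep it readable by the KDC user only.
        secret = radius.secret
        # Seconds to wait per attempt, and number of attempts.
        timeout = 5
        retries = 3
        # Send "alice" rather than "alice@EXAMPLE.COM" as User-Name.
        strip_realm = true
    }

# Per-principal switch: a principal uses this path only when its "otp"
# string attribute names the token type. With an LDAP KDB backend the
# attribute is stored in the directory alongside the principal entry.
#
#   kadmin: set_string alice@EXAMPLE.COM otp [{"type":"RADIUSPAM"}]
#   kadmin: modify_principal +requires_preauth alice@EXAMPLE.COM
#
# The OTP mechanism only runs inside a FAST tunnel, so the client needs
# an armor ticket first. Anonymous PKINIT is one way to obtain it,
# which is why the KDC also needs a PKINIT certificate configured:
#
#   kinit -n -c /tmp/armor.ccache          # anonymous armor ticket
#   kinit -T /tmp/armor.ccache alice       # armored AS exchange
```

Because the credential crosses the KDC-to-RADIUS hop protected only by the RADIUS shared secret, that link is worth restricting to a trusted network segment or a local socket.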