Hi all,
I'm trying to configure a MIT Kerberos server (I belive version 1.15) to do OTP
preauth against a FreeRadius server on a Debian 9 host.
What I did so far was:
1) installed and configured FreeRadius to only do OTP with google-authenticator
via PAM => works
2) installed and configured
t: Friday, July 7, 2017 2:07:34 PM
To: Felix Weissbeck
Cc: kerberos@mit.edu; Brennecke, Simon
Subject: Re: Kerberos OTP with FreeRadius
On Fri, Jul 07, 2017 at 11:04:47AM +0200, Felix Weissbeck wrote:
>
> The "problem" hereby is, that you can now obtain a kerberos ticket with
Hi again,
Aswering my own question:
https://www.eyrie.org/~eagle/software/pam-krb5/pam-krb5.html
One has to add "anon_fast" to the line containing "pam_krb5.so" in
/etc/pam.d/common-auth.
Thanks & regards
Simon
________
From: Brennecke, Sim
Hi Lucas,
I use a rather complex setup using MIT Kerberos, FreeRadius and OpenLDAP.
Passwords are in LDAP. The KDC does not hold any user passwords and instead
asks the Radius Server to verify passwords, which in turn goes through PAM and
then to LDAP.
The setup requires you clients to suppo
