On Thu, 2012-03-01 at 16:35 +0400, Pavel Zhukov wrote:
> Hi all
> I'm going to deploy "kerberised network" and have some questions. 
> I've deployed FreeIPA server and enrolled hosts, it's OK, 
> I've deployed RHEV and configured FreeIPA as DS, it's OK. 
> FreeRADIUS is used for user login (thought  Cisco FireWall or Cisco
> VPN) and contains user database (mysql). 
> Is it possible to integrate FreeRADIUS server and FreeIPA? For
> security reasons replication of transfer)  of passwords is impossible.
> possible scenario: 
> User tries to access some resource (ssh for example) -> ssh server
> goes to kerberos (IPA) server -> IPA (LDAP?) goes to RADIUS (using
> kerberos if possible?)  -> krb ticket -> login

No doesn't work this way.
But you can use LDAP as a backend for FreeRADIUS so that Radius goes to
FreeIPA to try to authenticate users.


Simo Sorce * Red Hat, Inc * New York

Freeipa-users mailing list

Reply via email to