On 01/15/2013 11:09 AM, Simo Sorce wrote:
> On Tue, 2013-01-15 at 16:39 +0100, Han Boetes wrote:
>> Hi,
>> Since most of our Cisco images do not support encryption the apparent
>> way to go is using radius which is supported by most Cisco devices.
>> What is the current status for making this wonderful idea work in the
>> real world?
> We haven't resumed work to integrate radius as a full feature component
> of FreeIPA yet, sorry.
> Simo.
But this does not mean that you can't use freeradius with LDAP, Kerberos
or PAM plugin.
You do not need to have integrated radius to get auth from IPA.

Just configure freeradius to use one of those authentication methods and
you can use it with freeIPA.
We recommend configuring EAP-TTLS if your infrastructure supports it and
using PAP as an inner method.
If this is not possible you would have to use PAP so you need to use
pretty long secrets (I would say 20 bytes at least).
Keep in mind that non-tunneled PAP is based on MD5 which would be a
problem if your environment needs to comply with different compliance
acts; tunneling would be a must.

Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
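
An added example, not part of the original message and not FreeRADIUS or FreeIPA code: how the RADIUS User-Password attribute is hidden when PAP is not tunneled (RFC 2865, section 5.2), showing that MD5 keyed by the shared secret is the only protection, which is why the secret length matters. The function names and sample values are constructed for illustration.

```python
import hashlib
import secrets

MIN_SECRET_BYTES = 20  # minimum length suggested in the message above


def new_shared_secret(nbytes: int = 32) -> str:
    """Random shared secret (hex text, 2*nbytes characters) for a RADIUS client."""
    return secrets.token_hex(max(nbytes, MIN_SECRET_BYTES))


def _keystream_xor(data: bytes, secret: bytes, authenticator: bytes, hiding: bool) -> bytes:
    """XOR 16-byte blocks with MD5(secret + previous ciphertext block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        result = bytes(b ^ k for b, k in zip(block, pad))
        prev = result if hiding else block  # always chain on the ciphertext block
        out += result
    return out


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Build the User-Password value a NAS sends for untunneled PAP."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    if len(secret) < MIN_SECRET_BYTES:
        raise ValueError("shared secret shorter than %d bytes" % MIN_SECRET_BYTES)
    padded = password + b"\x00" * (-len(password) % 16)  # pad with NULs to 16n
    return _keystream_xor(padded, secret, authenticator, hiding=True)


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: recover the password using the same shared secret."""
    return _keystream_xor(hidden, secret, authenticator, hiding=False).rstrip(b"\x00")


if __name__ == "__main__":
    secret = new_shared_secret().encode()  # constructed sample values
    ra = secrets.token_bytes(16)           # Request Authenticator
    hidden = hide_password(b"constructed-sample-pw", secret, ra)
    print(len(hidden), reveal_password(hidden, secret, ra))
```

With EAP-TTLS the same PAP exchange travels inside a TLS tunnel, so this MD5-based hiding is no longer the only layer protecting the password on the wire.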


Freeipa-users mailing list
