On Thursday, March 21, 2002, at 10:44 AM, Alan DeKok wrote:
> PAM authenticates username/passwords. My understanding of EAP is > that if you're doing EAP authentication over RADIUS, then there may > not be a username/password in the RADIUS packet. > > Therefore you can't do PAM authentication with EAP. > > Ok.. 0.5 also has rlm_krb5. :) > > I don't know enough about EAP to know how it does authorization. > But from reading RFC 2869 (RADIUS extensions, including EAP), it > loooks to me like EAP is mainly for authentication, and that > "onld-style" RADIUS username/password attributes don't appear in > RADIUS packets with EAP. Okay so if I'm following this correctly and from my understanding of RFC 2869, EAP doesn't simply "encrypt" or wrap the normal radius process. With that said where does the authentication information come from? Derek - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
