hi :-)
this is called EAP-GSS and it does exist:
http://www.drizzle.com/~aboba/IEEE/draft-aboba-pppext-eapgss-12.txt
there have been some troubles with standard kerberos detected by Thomas Wu... they also become important when used over EAP due to the potentially high number of reauthentications. anyway, the attacks are referenced more precisely in the draft which should also provide work arounds.
ciao artur
Tom Rixom wrote:
Mike,
I have been following the Kerberos discussion for a while and this was exactly wat I was thinking.
But where to start? What is required for Kerberos authentication?
Tom
-----Original Message----- From: Michael Griego [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 07, 2004 8:02 PM To: [EMAIL PROTECTED] Subject: RE: PEAP w/MS-CHAPv2:: Wireless Authentication against WindowsAD as user profile storage
On Wed, 2004-04-07 at 11:57, Steve OBrien wrote:
Does anyone know if you can use Kerberos for user authentication for PEAP?
Not unless there's an EAP-Kerberos (EAP-KRB?) to be used for the
inside-tunnel authentication. I, however, never heard of any work being
done on an EAP-Kerberos method. Perhaps you could start your own draft
with the IETF? :)
--
--Mike
----------------------------------- Michael Griego Wireless LAN Project Manager The University of Texas at Dallas
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
