Re: how to allow only one authentication ?

Fri, 20 Jan 2006 08:54:08 -0800


Hello.
sorry to disturb you.
I disable all authentication modules in the authenticate session I left only:

# kerberos
        Auth-Type Kerberos {
                krb5
        }

   eap

in the authorize sezzion of radiusd.conf I disabled everything and I left only
eap and files

in this way Kerberos authentication + ldap authorization works.
I want ONLY this method to work, but also EAP-TLS with certificates works,
while I want to disable it for users.
If I remove eap from the authorizatin section, I prefent certificate authentication to
work but also Kerberos authentication will not work.

in my users file I have the string

DEFAULT  Auth-Type = Kerberos


How I can solve this problem ?
I tryed in all possible qays I Cannot disable EAP-TLS with certificates if I want
EAP-TTLS to work with kerberos and ldap.
might you help me ?
thanks

Rick






Alan DeKok wrote: 
"Riccardo.Veraldi" <[EMAIL PROTECTED]> wrote:
  
I would like only users with  kerberos credentials to being able to 
authenticate
    

  Then delete everything from the "authenticate" section, except for
"eap" and "krb5".  Also, ensure that nothing in the "authorize"
section obtains a clear-text password for the user from a database.

  That guarantees:

  a) no password by which to authenticate someone
  b) therefore they must use kerberos
  c) they can't use anything other than kerberos

  Everyone else will have no way to get authenticated, and will be
rejected.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
  

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to