On 12/11/2009 12:14 PM, John Mok wrote:
Hi Phil,
Thank you for your prompt reply.
I googled about the subject and found the following message :-
http://lists.cistron.nl/pipermail/freeradius-devel/2006-January/009250.html
Can any one tell me about what the module rlm_krb5 does? Does the module
proxy the kerberos authentication to the KDC on behalf of the WLAN
users, and grant access to the wired network upon successful
authentication?
Yes, it is functionally equivalent to taking the password supplied in
the radius access request message and invoking kinit with it and testing
to see if it succeeds. Please note, I said "functionally equivalent" it
does not invoke kinit rather it uses the krb5 libraries to try and
obtain a TGT on behalf of of the user, it also validates the KDC.
--
John Dennis <[email protected]>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
