On Friday, December 19, 2003 08:47:27 -0600 dave schrader <[EMAIL PROTECTED]> wrote:
Are there any modules available that will allow freeradius to do kerberos authentication under netbsd ? Dave Schrader
Freeradius includes a 'rlm_krb5' module which will verify passwords against your krb5 KDC. Note that this is not the same as using Kerberos to authenticate the RADIUS protocol spoken between the NAS and RADIUS server.
I have attached a patch against freeradius-0.3 which makes some improvements to the rlm_krb5 module, including actually validating the tickets it obtains in the process of verifying a password. We've been running this for a couple of years with good results. It won't be exactly what you need, but it should serve as a good starting point. Notably...
- We've run this on Linux, but not any of the BSD's - I've made no attempt to port to newer versions of freeradius - We build against Heimdal, and there are some API differences. I can't promise this will build as-is against MIT krb5.
If you have an AFS client (see www.openafs.org), you can find our full source tree in /afs/cs.cmu.edu/misc/nettools/src/freeradius-0.3 (and patches in ../Patches), and our configuration (minus the actual keys) in /afs/cs.cmu.edu/data/domain/config/raddb
Good luck...
-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]> Sr. Research Systems Programmer School of Computer Science - Research Computing Facility Carnegie Mellon University - Pittsburgh, PA
freeradius-krb5.patch
Description: Binary data
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
