In general you want to combine case 1 and case 2. So that if the user has no ticket you get one, then you use that to get a ticket for the accesspoint. You certainly never want to give the access point or EAP server the password.
I'd recommend talking to Derek Atkins about your proposal. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
