Hello guys, Another guy answered me the following...
What FreeRADIUS can do is obtain a TGT (ticket granting ticket) on behalf of the user using the supplied password. If the TGT request succeeds FreeRADIUS considers that a successful authentication. The problem is the TGT, which is *necessary* for single signon (software on behalf of the user supplies the TGT when necessary) is not available because it's not returned in the radius protocol. The TGT obtained by FreeRADIUS on behalf of the user is effectively thrown away and is not available for further use. So, anyone have any ideas how to get the TGT to make de single sign-on that I want? Thanks, Thiago ________________________________ De: Thiago Gonzaga B. Galvão <[email protected]> Para: [email protected] Enviadas: Quinta-feira, 24 de Junho de 2010 12:25:56 Assunto: Freeradius Kerberos Openldap windows > Hi guys, > I have the following situation on my network... > I have an Openldap server working as well, and it stores all my users >informations... > I configure a Kerberos server to use this openldap as a backend > We would like to implement an Single Sign On to our "web intranet" using >kerberos tickets... > The user willauthenticates onto a freeradius server, it will refer to > external >source kerbero, and kerberos will be configured with openldap backend > >(the >openldap server that i have). > And my clients are mostly windows... Is it possible with this scenario that I >want, windows clients get kerberos tickets to make a Single Sign On, on > my >web >intranet? > Regards, > Thiago ________________________________ "In a World without Walls and Fences, who need Windows and Gates? Think different. Think Linux" ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
