On 23 Aug 2012, at 01:30, Shumon Huque shu...@upenn.edu wrote:
Jim,
We've been through this, and I'll describe what we did to
address it.
There are two problems with the freeradius code that cause
performance problems with a Kerberos backend:
1) It doesn't disable the replay cache,
We used to have a setup where most all of our authentication went against 1
or two servers. We did make some changes in radiusd.conf and did not have
a problem with any of this. We have since also allowed PEAP but still do
not see problems. I found that when we did have problems it was never
On Thu, Aug 23, 2012 at 08:18:18AM +0100, Arran Cudbard-Bell wrote:
So an interesting question would be - is anyone actually using
EAP-Kerberos? If not, i'll disable caching by default and add a note
to the configuration. AFAIK no supplicant has actually implemented
any of the client side
Microsoft just released a security advisory about MSCHAPv2, and listed PEAP
/MSCHAPv2 as a solution to the problem for people who only use MSCHAPv2 for
PPTP vpn tunnels. So, I feel more comfortable that the standard secure
wireless PEAP/MSCHAPv2 is still safe. That's a good thing, because
Disabling the cache by default would be great. Thanks!
EAP-Kerberos doesn't actually exist today as a documented spec -
Ah I guess I guess what I read wasn't an official IETF draft (it was years ago
and I figured someone might have done something by now).
I'm sure that's why there's no
Curious if any other schools have Global Aptitude digital playbook app in use
for their athletics, and have found any issues supporting the streaming video
(from the web) aspects of it- particularly over WLAN?
-Lee Badman
Lee H. Badman
Wireless/Network Engineer
Information Technology and