P.S. You may also want to know about .../doc/rlm_krb5 and the FreeRadius archives where it has something about configuration options:

radiusd.conf (file)
...
modules {
    krb5 {
    }
    # you might use pam (Pluggable Authentication Module)
    pam {
        Pam-Auth = "rad"
    }
}
...
authorize
...
authenticate {
    pam
    krb5
}

users (file)
...
DEFAULT Auth-Type == Kerberos...
#(Auth-Type(s) found in the dictionary file(s))
or
DEFAULT Auth-Type == Pam, Pam-Auth == "rad2"
...

/etc/pam.d/rad (and/or rad2 pam configuration file with)
...
auth sufficient /lib/security/pam_krb5.so no_user_check
#(because you probably don't have kerberos users in your radius host's /etc/shadow file)
auth required /lib/security/pam_deny.so
...

Also, your /etc/krb5.keytab file (or whatever file you use for your host/radius-server...) needs to be readable by the user you run radiusd as so you can verify the kerberos credentials.

> I'm trying to get freeradius to authenticate against a kerberos v5
> server and can't seem to get very far. The machine I'm using is running
> freeradius under netbsd version 1.6.1. I've successfully gotten
> freeradius 0.9.1 to do normal radius authentication against the unix
> password file. But now would like to move up to freeradius 0.9.3 and
> would like to start authenticating against the kerberos server. I'm
> trying to run configure (from v 0.9.3 tarball) with the following options:
>
> --with-rlm-krb5-include-dir=/usr/include/krb5
> --with-snmp=no options
>
> Which results in the following messages being printed on the screen:
>
> configure: warning: snmpget not found - Simultaneous-Use and checkrad.pl may not work
> configure: warning: snmpwalk not found - Simultaneous-Use and checkrad.pl may not work
> configure: warning: ****** BSD Style gethostbyaddr might NOT be thread-safe! ******
> configure: warning: ****** BSD Style gethostbyname might NOT be thread-safe! ******
> configure: warning: silently not building rlm_counter.
> configure: warning: FAILURE: rlm_counter requires: libgdbm.
> configure: warning: silently not building rlm_ippool.
> configure: warning: FAILURE: rlm_ippool requires: libgdbm.
> configure: warning: silently not building rlm_krb5.
> configure: warning: FAILURE: rlm_krb5 requires: krb5.
> configure: warning: silently not building rlm_pam.
> configure: warning: FAILURE: rlm_pam requires: libpam.
> configure: warning: iodbc headers not found. Use --with-iodbc-include-dir=<path>.
> configure: warning: sql submodule 'iodbc' disabled
> configure: warning: mysql headers not found. Use --with-mysql-include-dir=<path>.
> configure: warning: sql submodule 'mysql' disabled
> configure: warning: silently not building rlm_sql_postgresql.
> configure: warning: FAILURE: rlm_sql_postgresql requires: libpq-fe.h libpq.
> configure: warning: oracle headers not found. Use --with-oracle-home-dir=<path>.
> configure: warning: sql submodule 'oracle' disabled
> configure: warning: unixODBC headers not found. Use --with-unixodbc-include-dir=<path>.
> configure: warning: sql submodule 'unixodbc' disabled
>
> The thing about this that bothers me is that this server is able to do
> kerberos v5 authentication of logins right now and I can successfully run
> kinit, klist etc, so the server is certainly kerberos capable. What do
> I need to do to make configure stop complaining about not having krb5?
>
> Dave Schrader
>
> --
> Chaos reigns within.
> Reflect, repent and reboot.
> Order shall return.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
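
The keytab point in the reply above (the file must be readable by the account radiusd runs as), as an added example that is not part of the original messages or of FreeRADIUS: it checks that the account can read the keytab without the file being opened up to everyone. The function names are hypothetical, only classic POSIX mode bits are evaluated (ACLs are ignored), and the demo file is a constructed stand-in for /etc/krb5.keytab.

```python
import os
import stat
import tempfile


def evaluate(mode, owner_uid, owner_gid, run_uid, run_gids):
    """Judge keytab permission bits for the account radiusd runs as.

    Returns a list of findings; an empty list means the account can read
    the file and the file is neither world-readable nor loosely writable.
    """
    findings = []
    # POSIX applies exactly one permission class: owner, else group, else other.
    if run_uid == 0:
        readable = True  # root bypasses the mode bits
    elif run_uid == owner_uid:
        readable = bool(mode & stat.S_IRUSR)
    elif owner_gid in run_gids:
        readable = bool(mode & stat.S_IRGRP)
    else:
        readable = bool(mode & stat.S_IROTH)
    if not readable:
        findings.append("radiusd account cannot read the keytab")
    # The keytab holds the host's long-term keys, so chmod 644 is not the fix.
    if mode & stat.S_IROTH:
        findings.append("keytab is world-readable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("keytab is writable by group or other")
    return findings


def check_keytab(path, run_uid, run_gids):
    """Stat the keytab at `path` and evaluate it for the given uid and gids."""
    st = os.stat(path)
    return evaluate(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                    run_uid, run_gids)


if __name__ == "__main__":
    # Constructed stand-in file; on a real host pass /etc/krb5.keytab and the
    # uid and gids of the radiusd account (for example via pwd.getpwnam).
    with tempfile.NamedTemporaryFile() as fake:
        os.chmod(fake.name, 0o644)
        for line in check_keytab(fake.name, os.getuid(), os.getgroups()):
            print(line)
```

A root-owned keytab with mode 640 and a group that contains only the radiusd account passes this check; mode 644 makes radiusd work but is reported as world-readable.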