P.S. You may also want to know about .../doc/rlm_krb5
and the FreeRadius archives where it has something
about configuration options:

radiusd.conf (file)
...
modules {
        krb5 {
        }
# you might use pam (Pluggable Authentication Module)
        pam {
                Pam-Auth = "rad"
        }
}
...
authorize ...
authenticate {
        pam
        krb5
}

users (file)
...
DEFAULT Auth-Type == Kerberos...
#(Auth-Type(s) found in the dictionary file(s)) or
DEFAULT Auth-Type == Pam, Pam-Auth == "rad2"
...

/etc/pam.d/rad (and/or rad2 pam configuration file with)
...
auth sufficient /lib/security/pam_krb5.so no_user_check
# (because you probably don't have kerberos users in
# your radius host's /etc/shadow file)
auth required   /lib/security/pam_deny.so
...

Also, your /etc/krb5.keytab file (or whatever file you
use for your host/radius-server...) needs to be
readable by the user you run radiusd as, so you can
verify the Kerberos credentials.



> I'm trying to get freeradius to authenticate against a kerberos v5
> server and can't seem to get very far.  The machine I'm using is
> running freeradius under netbsd version 1.6.1. I've successfully
> gotten freeradius 0.9.1 to do normal radius authentication against
> the unix password file.  But now would like to move up to freeradius
> 0.9.3 and would like to start authenticating against the kerberos
> server.  I'm trying to run configure (from v 0.9.3 tarball) with the
> following options :
>
>     --with-rlm-krb5-include-dir=/usr/include/krb5
> --with-snmp=no options
>
> Which results in the following messages being printed
> on the screen :
>
> configure: warning: snmpget not found - Simultaneous-Use and checkrad.pl may not work
> configure: warning: snmpwalk not found - Simultaneous-Use and checkrad.pl may not work
> configure: warning:  ****** BSD Style gethostbyaddr might NOT be thread-safe! ******
> configure: warning:  ****** BSD Style gethostbyname might NOT be thread-safe! ******
> configure: warning: silently not building rlm_counter.
> configure: warning: FAILURE: rlm_counter requires:  libgdbm.
> configure: warning: silently not building rlm_ippool.
> configure: warning: FAILURE: rlm_ippool requires:  libgdbm.
> configure: warning: silently not building rlm_krb5.
> configure: warning: FAILURE: rlm_krb5 requires:  krb5.
> configure: warning: silently not building rlm_pam.
> configure: warning: FAILURE: rlm_pam requires:  libpam.
> configure: warning: iodbc headers not found.  Use --with-iodbc-include-dir=<path>.
> configure: warning: sql submodule 'iodbc' disabled
> configure: warning: mysql headers not found.  Use --with-mysql-include-dir=<path>.
> configure: warning: sql submodule 'mysql' disabled
> configure: warning: silently not building rlm_sql_postgresql.
> configure: warning: FAILURE: rlm_sql_postgresql requires:  libpq-fe.h libpq.
> configure: warning: oracle headers not found.  Use --with-oracle-home-dir=<path>.
> configure: warning: sql submodule 'oracle' disabled
> configure: warning: unixODBC headers not found.  Use --with-unixodbc-include-dir=<path>.
> configure: warning: sql submodule 'unixodbc' disabled
>
> The thing about this that bothers me is that this server is able to
> do kerberos v5 authentication of logins right now and I can
> successfully run kinit, klist etc, so the server is certainly
> kerberos capable.  What do I need to do to make configure stop
> complaining about not having krb5 ?
> Dave Schrader
>
> --
> Chaos reigns within.
> Reflect, repent and reboot.
> Order shall return.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
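
The keytab requirement from the reply above, as an added example that is not part of the original mail or of FreeRADIUS: a check that the keytab can be read by the account radiusd runs as without exposing its long-term keys to anyone else. The function name `check_keytab` and the layout it enforces (a dedicated keytab owned by that account, mode 0400 or 0600) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original mail. Assumed layout: a dedicated keytab
# owned by the account radiusd runs as, mode 0400/0600, nothing for group/other.
# Usage: check_keytab KEYTAB USER   (USER is a login name or a numeric uid)
# Returns 0 = ok, 1 = ownership or mode problem, 2 = file or user not found.
check_keytab() {
    kt=$1 user=$2 rc=0
    if [ ! -f "$kt" ]; then
        echo "FAIL: $kt is missing or not a regular file"
        return 2
    fi
    # Resolve a login name to a uid; accept a numeric uid as given.
    case $user in
        ''|*[!0-9]*)
            want_uid=$(id -u "$user" 2>/dev/null) || {
                echo "FAIL: no such user: $user"
                return 2
            } ;;
        *)  want_uid=$user ;;
    esac
    # ls -ldn prints "mode links uid gid ..."; only the mode and uid are used.
    line=$(ls -ldn "$kt")
    mode=$(printf '%s\n' "$line" | cut -c1-10)
    have_uid=$(printf '%s\n' "$line" | awk '{print $3}')
    if [ "$have_uid" != "$want_uid" ]; then
        echo "FAIL: $kt is owned by uid $have_uid, radiusd runs as uid $want_uid"
        rc=1
    fi
    case $mode in
        -r?-------) ;;   # owner can read, group and other have no access
        -r*) echo "FAIL: mode $mode exposes the keys to group or other"
             rc=1 ;;
        *)   echo "FAIL: mode $mode: owner cannot read, krb5 verification fails"
             rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: $kt (mode $mode, uid $have_uid)"
    return "$rc"
}

# Run directly as: sh check_keytab.sh /etc/krb5.keytab <radiusd user>
if [ "$#" -eq 2 ]; then
    check_keytab "$1" "$2"
fi
```
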

