"Roy D. Hockett" <[EMAIL PROTECTED]> wrote: > In kerberos v5 you can require what is referred to as preauth, and > this means that the KDC doesn return a TGT until the client has > authenticated. So I am asking if anyone have freeradius with the > kerberos module working with a Kerberos KDC that requires > preauthentication.
Hmm... I'm not sure the interaction of RADIUS & Kerberos allows for that. So far as the FreeRADIUS server is concerned, kerberos is just another "database", that returns OK/Fail for user/password authentication. The user doesn't even know that FreeRADIUS is doing kerberos. I thnk the answer to your question is "No". The user isn't doing kerberos, so any "pre-auth" or TGT stuff just won't work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html