I'd recommend skipping PAM and using MIT's kerberized telnet. I don't believe PAM supports single signon, whereas you can have single sign-on with kerberized telnet.
> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Alan DeKok > Sent: Thursday, July 14, 2005 11:39 AM > To: FreeRadius users mailing list > Subject: Re: Active Directory and FreeRadius > > "Talwar, Puneet (NIH/NIAID)" <[EMAIL PROTECTED]> wrote: > > Well I can use pam_krb5, but what I am trying to accomplish > here is that I > > have quite a few Linux workstation on my network and I > thought if I can > > setup those Linux workstation to point to the radius server > where they login > > using there Active Directory credentials. > > You said that already. > > What you may not know is that AD implements Kerberos. You can use > pam_krb5 on the Linux boxes to do *exactly* the same thing, but > without using RADIUS at all. > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html