Alan,
Thank you for your quick and kind response.
On May 8, 2009, at 2:00 PM, Alan DeKok wrote:
Scott Sears wrote:
I cannot get all the pieces working together.
Laptop->AP->Freeradius->Kerberos.
It's impossible.
Here is the thread which made me think it was possible, and led me to
this list. Apparently I've made a mistake, but perhaps you can
explain the difference between my goal and the one described in the
thread?
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg39522.html
On May 8, 2009, at 2:00 PM, Alan DeKok wrote:
Kerberos requires a clear-text password to authenticate (or various
Kerberos crypto tokens derived from the password).
PEAP supplies an MS-CHAP hash, not a clear-text password.
I understand this. I believed that I could set up an encryption
tunnel and then send the cleartext securely within tunnel to the KDC.
All that being said, here is my last question:
Is it *in any way* possible to securely authorize mobile supplicants
through a wireless AP to a Freeradius server using a KDC for
authentication? Perhaps its doable, but I'm just not on the right
track.
Thanks again for your time.
Scott Sears
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
