On 04/03/2010 08:30 AM, Alan DeKok wrote:
> Mowgli Assor wrote:
>> OK, but is there any way to do that without setting a DEFAULT entry? I
>> really want Kerberos to be just another in the long list of things it
>> tries for authentication, and when one of them succeeds, it stops and
>> returns ACCEPT (unless of course Fall-Through is set, but in what
>> I'm setting up it would not be).
>
>    That's not really how authentication works.  You need to decide which
> users get what kind of authentication.  Then, configure it.

rlm_krb5 does not have an authorize callback, therefore it can't say "I'm available for authentication if there is a cleartext password" like any other pap style method. Why does rlm_krb5 have behavior seemingly at odds with the other types of modules in its family (e.g. those which can authenticate given a cleartext password)?

--
John Dennis <jden...@redhat.com>
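
The gap described above, shown as an added FreeRADIUS 2.x configuration sketch (not from this thread and not the project's shipped configuration): since rlm_krb5 has no authorize method, policy in the authorize section has to set Auth-Type itself when a cleartext User-Password is present. The Auth-Type name `Kerberos`, the module instance name `krb5`, and the placement after the other authorize modules are assumptions.

```text
# Added example; names and placement are assumptions, adjust to the local setup.
authorize {
    # ... other modules (files, sql, ldap, ...) run first and may set Auth-Type ...

    # rlm_krb5 cannot volunteer itself here, so do it explicitly:
    # only when no earlier module picked an Auth-Type, and only when the
    # request carries a cleartext password. CHAP and MS-CHAP requests have
    # no User-Password and cannot be verified against a KDC.
    if (!control:Auth-Type && User-Password) {
        update control {
            Auth-Type := Kerberos
        }
    }
}

authenticate {
    # Runs only for requests tagged above (or by a users-file entry).
    Auth-Type Kerberos {
        krb5
    }
}
```

This avoids a DEFAULT entry in the users file, but it still selects one authentication method per request; it does not make the server try several methods in turn until one accepts.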