RE: Kerberos krb5

2003-11-11 Thread Kevin C Miller
You need a key for host/[hostname] in the krb5 keytab by default. You can use the 'service_principal' configuration parameter to change the principal required; for example you could specify 'radius' and then the krb5 authenticator would look for radius/[hostname] in the krb5 keytab. Aside from

RE: Kerberos krb5

2003-11-11 Thread Juha Sievi-Korte
On Tue, 11 Nov 2003, Ron Wahler wrote: > You need to be able to point it to the KDC ( Key Distribution Center ) > an > IP address or domain, and set up a shared key between them. So there has > To be a way to configure it. What I thought is that you just need a working kerberos environment in you

RE: Kerberos krb5

2003-11-11 Thread Ron Wahler
4 PM > To: [EMAIL PROTECTED] > Subject: Re: Kerberos krb5 > > "Ron Wahler" <[EMAIL PROTECTED]> wrote: > > Is there an example of how to set up the krb5 authentication module? > > I don't think it takes any configuration, so it shoul

Re: Kerberos krb5

2003-11-10 Thread Alan DeKok
"Ron Wahler" <[EMAIL PROTECTED]> wrote: > Is there an example of how to set up the krb5 authentication module? I don't think it takes any configuration, so it should just be an empty: modules { ... krb5 { } Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/

RE: Kerberos krb5

2003-11-10 Thread Ron Wahler
Is there an example of how to set up the krb5 authentication module? In the auth section? krb5{ } > -Original Message- > From: Alan DeKok [mailto:[EMAIL PROTECTED] > Sent: Monday, November 10, 2003 4:54 PM > To: [EMAIL PROTECTED] > Subject: Re: Kerberos krb5 > >

Re: Kerberos krb5

2003-11-10 Thread Alan DeKok
"Ron Wahler" <[EMAIL PROTECTED]> wrote: > From looking into the code it looks like FreeRadius acts as the > Kerberos Client. So is this a hook just to authenticate with a KDC ? Yes. > So it would not include all the other Client to Application server > Kerberos > Interaction. So the real clie

RE: Kerberos krb5

2003-11-10 Thread Ron Wahler
    From looking into the code it looks like FreeRadius acts as the Kerberos Client.  So is this a hook just to authenticate with a KDC ? So it would not include all the other Client to Application server Kerberos Interaction.  So the real client is not Kerberos aware… ?   I can’

Kerberos krb5

2003-11-10 Thread Ron Wahler
  I can’t seem to find a good explanation of how FreeRadius Integrates in with krb5 Kerberos.      Client ->  AP ->  FreeRadius -> KDC   ?   Where FreeRadius converts the client request into a Kerberos client request , Getting a ticket from the KDC and then returning the ticket to