I was unaware EAP had anything remotely to do with Kerberos.
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
Saber == Saber Zrelli [EMAIL PROTECTED] writes:
Saber I was referring to a KDC instead of an IAKERB proxy. My
Saber thoughts are that these proxying functionalities should be
Saber moved to the KDC of the visited realm. But this would be
Saber another topic that I wish to start
Saber Zrelli wrote:
I was referring to a KDC instead of an IAKERB proxy. My thoughts are
that these proxying functionalities should be moved to the KDC of
the visited realm. But this would be another topic that I wish to
start soon.
Why would you want to have the KDC from one realm act as a
Hi ,
In the IAKERB draft, the followins is said :
===
6. The IAKERB proxy protocol :
...
The IAKERB proxy is responsible for locating an appropriate KDC using the realm
information in the KDC request message it received from the client.
...
I appologize for my
Hi Thomas ,
Thank you for your concern ,
following are some thoughts about this topic :
IMHO, what makes wireless networks an interesting topic when
considering Authentication is the mobile connectivity which is
technically implemented by roaming and handovers. These two
properties make
Saber == Saber Zrelli [EMAIL PROTECTED] writes:
Saber when some visiting user would like to connect to a foreign
Saber wireless network, In addition to the bootstrapping problem,
Saber the actual protocol defined by IAKERB does not allow the
Saber operator to authenticate the
In general you want to combine case 1 and case 2. So that if the user
has no ticket you get one, then you use that to get a ticket for the
accesspoint. You certainly never want to give the access point or EAP
server the password.
I'd recommend talking to Derek Atkins about your proposal.
Thomas,
Perhaps you need to look at the solution implemented by Symbol
(www.symbol.com). Their WLAN products already use kerberos for WLAN
authentication and key management as an alternative to WEP. The normal
approach with WEP is to share a secret between the AP and WLAN client,
but with
Shri == Shri Lohia [EMAIL PROTECTED] writes:
Shri 1) Where can I
Shri find the definition of EAP kerberos interface specs.
I'm not aware of any EAP standards-track or IETF work for Kerberos.
There is GSSAPI work, but I would describe it as very immature and not
a good starting point