[36621] in Kerberos


Re: PPTP / L2TP with Kerberos -- what specs does it follow?

daemon@ATHENA.MIT.EDU (Rick van Rein)
Fri Nov 28 03:29:53 2014

From: Rick van Rein <rick@openfortress.nl>
In-Reply-To: <5DC4DB89-3B46-44BB-BDE0-B0D92028DEB7@openfortress.nl>
Date: Fri, 28 Nov 2014 09:29:38 +0100
Message-Id: <D4AA6C47-7A7D-42CB-97E2-FA8A932CBC63@openfortress.nl>
To: Frank Cusack <frank@linetwo.net>, Hugh Cole-Baker <sigmaris@gmail.com>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>

Hi,

> it appears that general AVPs for RADIUS / DIAMETER are supported — and that includes RADIUS’ support for Kerberos authentication.  Except that it is not supported by the IANA registry,
> http://www.iana.org/assignments/eap-numbers/eap-numbers.xhtml#eap-numbers-10

I think this is simply being ignored by practical software.  Here is a detailed discussion of how to configure FreeRADIUS to use Kerberos with 802.1x authentication:

http://freeradius.1045715.n5.nabble.com/802-1x-amp-kerberos-td2765708.html

> This continues to puzzle me… one, the incredible path to get to Kerberos as a result of all these generic switch points, and second, the lack of an official spec for this use of Kerberos.

The lack of official specs appears to be the case here; in practice, it sounds like it works (on most (?) platforms?).

-Rick
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

