Kerberos for Wireless Authentication

Jeffrey Altman jaltman2 at nyc.rr.com
Wed Jun 1 10:26:00 EDT 2005


NetSteady wrote:

> Actually, our product doesn't require EAP-GSS, nor EAP-Kerberos.
> 
> Instead, we use existing, popular authentication mechanisms to provide
> kerberos functionality to mainstream RADIUS servers. There is no
> additional software required other than the EAP supplicant, and the
> client doesn't even realize that they're authenticating to anything
> different.
> 
> Our product doesn't even need Kerberos for Windows in order to
> authenticate the client to the Kerberos Database.
> 
> That being said, we do not currently have the capability to pass the
> ticket on to the client. Our software is simply for authenticating
> kerberos credentials against the server.
> 
> Any other thoughts?

I would argue that you are not really using Kerberos.   If the
client is sending user/password data to the server all you are
doing is using Kerberos to perform a database lookup.   This
technique is frequently used as a means of providing single password
functionality to an organization but it is not Kerberos.

Jeffrey Altman


-- 
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu


More information about the Kerberos mailing list