Res: Freeradius Kerberos Openldap windows
Thiago Gonzaga B. Galvão
thiagobandinha at yahoo.com.br
Fri Jul 9 10:22:53 EDT 2010
Hello guys,
Another guy answered me the following...
What FreeRADIUS can do is obtain a TGT (ticket granting ticket) on behalf of the
user using the supplied password. If the TGT request succeeds FreeRADIUS
considers that a successful authentication. The problem is the TGT, which is
*necessary* for single signon (software on behalf of the user supplies the TGT
when necessary) is not available because it's not returned in the radius
protocol. The TGT obtained by FreeRADIUS on behalf of the user is effectively
thrown away and is not available for further use.
So, anyone have any ideas how to get the TGT to make de single sign-on that I
want?
Thanks,
Thiago
________________________________
De: Thiago Gonzaga B. Galvão <thiagobandinha at yahoo.com.br>
Para: kerberos at mit.edu
Enviadas: Quinta-feira, 24 de Junho de 2010 12:25:56
Assunto: Freeradius Kerberos Openldap windows
> Hi guys,
> I have the following situation on my network...
> I have an Openldap server working as well, and it stores all my users
>informations...
> I configure a Kerberos server to use this openldap as a backend
> We would like to implement an Single Sign On to our "web intranet" using
>kerberos tickets...
> The user willauthenticates onto a freeradius server, it will refer to external
>source kerbero, and kerberos will be configured with openldap backend > (the
>openldap server that i have).
> And my clients are mostly windows... Is it possible with this scenario that I
>want, windows clients get kerberos tickets to make a Single Sign On, on > my web
>intranet?
> Regards,
> Thiago
________________________________
"In a World without Walls and Fences, who need Windows and Gates? Think
different. Think Linux"
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list