PPTP / L2TP with Kerberos -- what specs does it follow?

Rick van Rein rick at openfortress.nl
Fri Nov 28 03:29:38 EST 2014


Hi,

> it appears that general AVPs for RADIUS / DIAMETER are supported — and that includes RADIUS’ support for Kerberos authentication.  Except that it is not supported by the IANA registry,
> http://www.iana.org/assignments/eap-numbers/eap-numbers.xhtml#eap-numbers-10

I think this is simply being ignored by practical software.  Here is a detailed discussion of how to configure FreeRADIUS to use Kerberos with 802.1x authentication:

http://freeradius.1045715.n5.nabble.com/802-1x-amp-kerberos-td2765708.html

> This continues to puzzle me… one, the incredible path to get to Kerberos as a result of all these generic switch points, and second, the lack of an official spec for this use of Kerberos.

The lack of official specs appears to be the case here; in practice, it sounds like it works (on most (?) platforms?).

-Rick

