2FA with krb5
Russ Allbery
eagle at eyrie.org
Thu Oct 7 15:55:20 EDT 2021
Simo Sorce <simo at redhat.com> writes:
> Starting an ad-hoc kdc is pretty easy, I have it done in the make check
> phase in many small projects, including starting an ldap server, I
> haven't tried radius, but hopefully starting a freeradius server is not
> exceedingly hard either.
Yeah, for the record it was just the RADIUS bit that I didn't already have
working. If anyone is curious:
https://github.com/rra/pam-krb5/tree/master/ci
contains scripts that will set up either an MIT Kerberos KDC or a Heimdal
KDC with PKINIT configured and a variety of keytabs and whatnot premade.
They are used via GitHub Actions here:
https://github.com/rra/pam-krb5/blob/master/.github/workflows/build.yaml
--
Russ Allbery (eagle at eyrie.org) <https://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list