This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1F5FD.9C7D1A60 Content-Type: text/plain; charset="csiso2022jp" Hello, I do not know too much about RADIUS, so please excuse me if the question is stupid. Anyway, I am wondering if you can do single sign-on between RADIUS and Kerberos, using a token. I think it should work something like this ... - A user logs in through pam_radius_auth, using token based challenge-response - pam_radius_auth somehow knows a user name and a password for Kerberos (maybe it gets them from RADIUS server?) - pam_radius_auth passes the user name and password to the next module (pam_krb5) - pam_krb5 does Kerberos authentication Has anybody tried/done this? ------_=_NextPart_001_01C1F5FD.9C7D1A60 Content-Type: text/html; charset="csiso2022jp" <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=csiso2022jp"> <META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2653.12"> <TITLE>PAM, RADIUS and Kerberos?</TITLE> </HEAD> <BODY> <P><FONT SIZE=2>Hello, </FONT> </P> <P><FONT SIZE=2>I do not know too much about RADIUS, so please excuse me if the question is stupid. </FONT> </P> <P><FONT SIZE=2>Anyway, I am wondering if you can do single sign-on between RADIUS and Kerberos, using a token.</FONT> <BR><FONT SIZE=2>I think it should work something like this ... </FONT> </P> <P><FONT SIZE=2>- A user logs in through pam_radius_auth, using token based challenge-response</FONT> <BR><FONT SIZE=2>- pam_radius_auth somehow knows a user name and a password for Kerberos (maybe it gets them from RADIUS server?)</FONT> <BR><FONT SIZE=2>- pam_radius_auth passes the user name and password to the next module (pam_krb5)</FONT> <BR><FONT SIZE=2>- pam_krb5 does Kerberos authentication</FONT> </P> <P><FONT SIZE=2>Has anybody tried/done this? </FONT> </P> </BODY> </HTML> ------_=_NextPart_001_01C1F5FD.9C7D1A60--
