As a RADIUS client, does the MIT KDC support EAP, PEAP, or similar authentication mechanisms?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

As a RADIUS client, does the MIT KDC support EAP, PEAP, or similar authentication mechanisms?

Dickinson, Luke
When using the FAST OTP preauthentication module for the KDC, the OTP is passed to the KDC over an encrypted FAST channel. The KDC then passes the OTP over to a RADIUS server.

When the KDC communicates with a RADIUS server, can this be done over a more secure method such as EAP or PEAP?

When OTP was first implemented in version 1.12, support for EAP was not included as stated here http://k5wiki.kerberos.org/wiki/Projects/OTPOverRADIUS : "RADIUS is not FIPS compliant due to the use of MD5 in the protocol. EAP might make RADIUS FIPS compliant and Fedora ships a libeap. Integration of EAP is not planned at this time".

Has integration of EAP been included in more recent versions? If not, is there any plan to?

Thanks,

Luke

________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos