FreeRADIUS Wiki	Main Page | About | Help | FAQ | Special pages | Log in
	Printable version | Disclaimers | Privacy policy

Rlm krb5

From FreeRADIUS Wiki

Contents 1 FreeRADIUS Kerberos 5 Module (rlm_krb5) 1.1 Compilation issues 1.2 Heimdal libraries support 1.3 Configuration parameters 1.4 Links

FreeRADIUS Kerberos 5 Module (rlm_krb5)

Compilation issues

The rlm_krb5 module, by default, presumes you have the MIT Kerberos 5 distribution. Notes from that distribution:

On linux, you may have to change:

deplibs_test_method="pass_all"

in ../libtool

Otherwise, it complains if the krb5 libs aren't shared.

Heimdal libraries support

If you are using the Heimdal Kerberos 5 distribution, pass a --enable-heimdal-krb5 to the configure line. With Heimdal, you'll need to have a radius/your.hostname.example.org key in your keytab (which needs to be readable by the user running the RADIUS server).

Configuration parameters

You can configure the module with the following parameters:

krb5 {

    # keytab containing the key used by rlm_krb5
    keytab = /path/to/keytab
   
    # principal that is used by rlm_krb5
    service_principal = radius/some.host.com
}

Make sure the keytab is readable by the user that is used to run radiusd and that your authorization configuration really uses rlm_krb5 to do the authentication. You will need to add the following to the 'authenticate' section of your radiusd.conf file:

Auth-Type Kerberos {
    krb5
}

Links

• Configure radius to authenticate on an Active Directory server

Edit this page | Discuss this page | Page history | What links here | Related changes Main Page | About FreeRADIUS Wiki | Find: This page has been accessed 4,803 times. This page was last modified 05:34, 13 March 2007.