[Freeipa-users] Can FreeIPA use FreeRADIUS as users provider
Simo Sorce
simo at redhat.com
Thu Mar 1 14:11:41 UTC 2012
On Thu, 2012-03-01 at 16:35 +0400, Pavel Zhukov wrote:
> Hi all
> I'm going to deploy "kerberised network" and have some questions.
> I've deployed FreeIPA server and enrolled hosts, it's OK,
> I've deployed RHEV and configured FreeIPA as DS, it's OK.
>
> FreeRADIUS is used for user login (thought Cisco FireWall or Cisco
> VPN) and contains user database (mysql).
>
> Is it possible to integrate FreeRADIUS server and FreeIPA? For
> security reasons replication of transfer) of passwords is impossible.
>
> possible scenario:
> User tries to access some resource (ssh for example) -> ssh server
> goes to kerberos (IPA) server -> IPA (LDAP?) goes to RADIUS (using
> kerberos if possible?) -> krb ticket -> login
No doesn't work this way.
But you can use LDAP as a backend for FreeRADIUS so that Radius goes to
FreeIPA to try to authenticate users.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list