I do not know too much about RADIUS, so please excuse me if the question is stupid.
Anyway, I am wondering if you can do single sign-on between RADIUS and Kerberos, using a token.
I think it should work something like this ...
- A user logs in through pam_radius_auth, using token based challenge-response
- pam_radius_auth somehow knows a user name and a password for Kerberos (maybe it gets them from RADIUS server?)
- pam_radius_auth passes the user name and password to the next module (pam_krb5)
- pam_krb5 does Kerberos authentication
Has anybody tried/done this?