[39016] in Kerberos
Re: 2FA with krb5
daemon@ATHENA.MIT.EDU (Russ Allbery)
Thu Oct 7 15:58:36 2021
From: Russ Allbery <eagle@eyrie.org>
To: Simo Sorce <simo@redhat.com>
In-Reply-To: <380d6720b77f3e741f334afc9fda20bdf75b68f0.camel@redhat.com> (Simo
Sorce's message of "Thu, 07 Oct 2021 15:35:41 -0400")
Date: Thu, 07 Oct 2021 12:55:20 -0700
Message-ID: <87h7dspq3b.fsf@hope.eyrie.org>
MIME-Version: 1.0
Cc: Ken Hornstein <kenh@cmf.nrl.navy.mil>, kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Simo Sorce <simo@redhat.com> writes:
> Starting an ad-hoc kdc is pretty easy, I have it done in the make check
> phase in many small projects, including starting an ldap server, I
> haven't tried radius, but hopefully starting a freeradius server is not
> exceedingly hard either.
Yeah, for the record it was just the RADIUS bit that I didn't already have
working. If anyone is curious:
https://github.com/rra/pam-krb5/tree/master/ci
contains scripts that will set up either an MIT Kerberos KDC or a Heimdal
KDC with PKINIT configured and a variety of keytabs and whatnot premade.
They are used via GitHub Actions here:
https://github.com/rra/pam-krb5/blob/master/.github/workflows/build.yaml
--
Russ Allbery (eagle@eyrie.org) <https://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos