• Radius failover server for OTP Preauthentication

    From Abdelkader Chelouah@21:1/5 to All on Fri Jun 18 17:59:45 2021
    Hello,


    I'm using krb5-1.18.3. When using the OTP preauthentication mechanism, the
    token type is defined according to the following format:

    [otp]
        <name> = {
            server = <host:port or filename> (default: see below)
            secret = <filename>
            timeout = <integer> (default: 5 [seconds])
            retries = <integer> (default: 3)
            strip_realm = <boolean> (default: true)
            indicator = <string> (default: none)
        }


    It is my understanding that the *server* field (RADIUS server) accepts
    only one *host:port* endpoint. For high-availability purposes, is it
    possible to specify multiple endpoints?


    Best regards

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Greg Hudson@21:1/5 to Abdelkader Chelouah on Fri Jun 18 14:02:08 2021
    To: kerberos@mit.edu

    On 6/18/21 11:59 AM, Abdelkader Chelouah wrote:
    > It is my understanding that the *server* field (RADIUS server) accepts
    > only one *host:port* endpoint. For high-availability purposes, is it
    > possible to specify multiple endpoints?

    It is not. The recommended approach for this is to run a local RADIUS
    proxy server on the KDC host.

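One way to set up the local proxy recommended in the reply above, as an added example that is not part of the original thread or of the krb5 project. FreeRADIUS 3.x is an assumed choice of proxy; the token type name, file path, addresses and secrets are placeholders.

```conf
# kdc.conf on the KDC host: the token type points only at the local proxy.
# Assumed secret path; keep the file readable by the KDC service only.
[otp]
    RADPROXY = {
        server = 127.0.0.1:1812
        secret = /var/kerberos/krb5kdc/radproxy.secret
    }
# FreeRADIUS clients.conf on the same host: accept the KDC over loopback.
client kdc_local {
    ipaddr = 127.0.0.1
    secret = PLACEHOLDER_KDC_PROXY_SECRET   # same value as radproxy.secret
}
# FreeRADIUS proxy.conf: two upstream OTP servers in a fail-over pool.
home_server otp_primary {
    type = auth
    ipaddr = 192.0.2.10                     # constructed address
    port = 1812
    secret = PLACEHOLDER_UPSTREAM_SECRET_1
    status_check = status-server            # assumes upstream answers Status-Server
}
home_server otp_secondary {
    type = auth
    ipaddr = 192.0.2.11                     # constructed address
    port = 1812
    secret = PLACEHOLDER_UPSTREAM_SECRET_2
    status_check = status-server
}
home_server_pool otp_pool {
    type = fail-over                        # primary first, secondary when it is dead
    home_server = otp_primary
    home_server = otp_secondary
}
realm otp_upstream {
    auth_pool = otp_pool
    nostrip                                 # forward User-Name unchanged
}
# FreeRADIUS virtual server: listen on loopback only and proxy every request.
server kdc_otp_proxy {
    listen {
        type = auth
        ipaddr = 127.0.0.1
        port = 1812
    }
    authorize {
        update control {
            &Proxy-To-Realm := "otp_upstream"
        }
    }
}
```

Binding the listener to 127.0.0.1 keeps the proxy unreachable from the network, so the only RADIUS traffic leaving the KDC host is the proxy's own requests to the upstream servers.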