OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: remd on August 03, 2017, 04:36:56 pm

Title: MIT Kerberos Access Server ?
Post by: remd on August 03, 2017, 04:36:56 pm

There was a mention of MIT kerberos 5 in the 17.1.2 release.
Is this exclusively to support AD access ? I'm asking because we are using LDAP/Kerberos (MIT v5) and I was wondering if it was possible to authenticate  through MIT Kerberos as well ?

Else we are also using SAML2 and OAuth2 (through keycloak), but I don't see these options listed at all..

Title: Re: MIT Kerberos Access Server ?
Post by: franco on August 03, 2017, 05:49:31 pm

Hi there,

The change was for the library that a single plugin (web proxy single-sign-on) uses. We do not use krb anywhere in OPNsense at this point. LDAP / AD connectivity is done via PHP's LDAP implementation.

It's possible to add new authenticators, though we are hoping for code via users who have such setups and can help to bring these features into the release.


Cheers,
Franco