3.92. <AuthBy HEIMDALDIGEST>

This clause authenticates users against Heimdal Kerberos, using the kdigest program part of Heimdal Kerberos. For more information, see Heimdal website Opens in new window.
Works with RADIUS-PAP, EAP-MD5, EAP-MSCHAPV2 (and therefore TTLS-PAP, TTLS-EAP-MD5, PEAP-EAP-MD5, PEAP-EAP-MSCHAPV2, TTLS-EAPMSCHAPV2).
Other types of authentication cannot be supported by Heimdal for technical reasons.
AuthBy KRB5 for a module that can work with any Kerberos, but is limited to PAP and TTLS-PAP. For more information, see Section 3.69. <AuthBy KRB5>
See goodies/heimdaldigest.cfg for an example configuration file. See goodies/heimdal.txt for guidance and help in setting up a simple Heimdal system for testing.
<AuthBy HEIMDALDIGEST> understands also the same parameters as <AuthBy xxxxxx>. For more information, see Section 3.32. <AuthBy xxxxxx>.

3.92.1. KdigestPath

The path to the executable Heimdal kdigest program. This program will be run externally by AuthBy HEIMDALDIGEST to authenticate each password.
Defaults to /usr/libexec/kdigest.
KdigestPath /usr/heimdal/lib/kdigest

3.92.2. KdigestSuffix

String that will be added to the end of each user name before authenticating with kdigest. Defaults to empty string. See also default_realm in krb5.conf, which will be used if user name does not contain a Kerberos realm.
KdigestSuffix @MYCOMPANY.COM

3.92.3. KdigestRealm

String specifying the Kerberos realm that will be used to authenticate each user. Used to specify --kerberos-realm= to kdigest. Defaults to undefined.
KdigestRealm OPEN.COM.AU