I'm looking for a little guidance on the best way to handle Admin access to Aruba Instant using freeRADIUS for Authentication, which subsequently uses Kerberos5 as the back-end for Authorization and user-database. Without becoming an expert in freeRADIUS and Kerberos5, and without purchasing an expensive AAA solution, what is the best way to handle/limit basic Authentication of specific kerberos5 users logging into the IAPs Instant portal, for example, Admins?
I use this solution for Authenticating 802.1x WiFi users, and works successfully. I just need to be able to allow or deny Login Access to the Instant portal istelf to Administer configurations based on either freeRADIUS or Kerberos5. I'm just not sure which is the best way to go yet.
In short: I have RADIUS configured in Instant. RADIUS uses Kerberos5 as a back-end for Authentication and Authorization. I need to identify who is an Administrator allowed to configure the Aruba devices through Admin access to "Instant" without allowing all my Kerberos5 users access.
Believe me, trying to find the answer to this question has been really difficult, because neither RADIUS or Kerberos developer sites address the coexistence of both in one solution.