MAC+EAP authentication
Artur Hecker
artur.hecker at gmail.com
Tue Jun 14 07:12:01 CEST 2005
i personally think that it's completely useless.
implementing EAP or MAC authentication, meaning that one of both would
work, is a huge security hole and requiring both is useless since EAP
authentication implicitly filters away everything unauthenticated...
(even if i understand that might be necessary for current WiFi phones,
etc., please be aware that under linux you can actually change the MAC
address with one command...)
ciao
artur
On 6/13/05, Alan DeKok <aland at ox.org> wrote:
> "Jefri bin Dahari" <jeff at mimos.my> wrote:
> > I plan to implement simultaneous MAC+EAP authentication for my wireless
> > users. From my observation, Freeradius can only do either MAC or EAP but not
> > MAC and EAP authentication. Can somebody gives me some hints on how to do
> > that?
>
> It can do both. EAP is authentication, MAC checking isn't really
> authentication.
>
> What are you seeing in RADIUS packets, and what do you want to happen?
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list