Disabling EAP-TLS while keeping EAP-PEAP
Reimer Karlsen-Masur, DFN-CERT
karlsen-masur at dfn-cert.de
Mon Jun 18 11:09:31 CEST 2007
Hi!

Commenting out the CA_file parameter in the eap->tls section:

    # CA_file = ${raddbdir}/certs/trusted-ca-cert-list.pem

*and* setting the CA_path parameter in the eap->tls section to an *empty* directory:

    CA_path = ${raddbdir}/certs/trustedCAs

should do the trick.

No trusted CAs means no trusted client certificates :-)

Martin Gadbois wrote:
> When enabling EAP-PEAP with FreeRADIUS, module EAP-TLS is required.
>
> How can I disable EAP-TLS while using EAP-PEAP?
>
> I agree that if the client does not have a client key, EAP-TLS will not
> work. But how to restrict EAP-TLS in any case?
--
Beste Gruesse / Kind Regards
Reimer Karlsen-Masur
DFN-PKI FAQ: https://www.pki.dfn.de/faqpki
--
Dipl.-Inform. Reimer Karlsen-Masur (PKI Team), Phone +49 40 808077-615
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
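
One way to verify the setup described in the reply above, as an added example that is not part of the original post: the script checks that CA_file is inactive inside the tls section and that the CA_path directory exists and is empty. The function names, the sample eap.conf and the temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the tls section of eap.conf.
# Returns 0 only if CA_file is inactive and CA_path is an existing, empty directory.
check_tls_trust() {   # usage: check_tls_trust <eap.conf> <raddbdir>
    conf=$1; raddbdir=$2
    # Keep only the active (non-comment) lines of the tls { ... } block.
    tls=$(awk '
        /^[ \t]*tls[ \t]*[{]/   { in_tls = 1; next }
        in_tls && /^[ \t]*[}]/  { in_tls = 0 }
        in_tls                  { sub(/#.*/, ""); print }' "$conf")
    if printf '%s\n' "$tls" | grep -q '^[[:space:]]*CA_file[[:space:]]*='; then
        echo "FAIL: CA_file is active in the tls section"; return 1
    fi
    ca_path=$(printf '%s\n' "$tls" |
        sed -n 's/^[[:space:]]*CA_path[[:space:]]*=[[:space:]]*//p' | tail -n 1)
    [ -n "$ca_path" ] || { echo "FAIL: CA_path is not set"; return 1; }
    # Expand the ${raddbdir} reference as it is written in the post.
    ca_path=$(printf '%s\n' "$ca_path" |
        sed -e 's/[[:space:]]*$//' -e "s|\${raddbdir}|$raddbdir|")
    [ -d "$ca_path" ] || { echo "FAIL: $ca_path is not a directory"; return 1; }
    if [ -n "$(ls -A "$ca_path")" ]; then
        echo "FAIL: $ca_path is not empty"; return 1
    fi
    echo "OK: CA_file inactive and $ca_path is empty"
}

# Constructed sample layout for a dry run (temporary, hypothetical paths).
make_sample() {   # usage: make_sample <dir>
    mkdir -p "$1/certs/trustedCAs"
    cat > "$1/eap.conf" <<'EOF'
eap {
    tls {
        # CA_file = ${raddbdir}/certs/trusted-ca-cert-list.pem
        CA_path = ${raddbdir}/certs/trustedCAs
    }
    peap {
        default_eap_type = mschapv2
    }
}
EOF
}

demo=$(mktemp -d)
make_sample "$demo"
check_tls_trust "$demo/eap.conf" "$demo"
rm -rf "$demo"
```

Re-running the check after any change under the certs directory catches a CA file that was dropped into CA_path later.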