Disabling EAP-TLS while keeping EAP-PEAP

Martin Gadbois martin.gadbois at colubris.com
Mon Jun 18 14:37:23 CEST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reimer Karlsen-Masur, DFN-CERT wrote:
> Hi!
> 
> By commenting the CA_file parameter in the eap->tls section:
> 
> # CA_file = ${raddbdir}/certs/trusted-ca-cert-list.pem
> 
> *and*
> 
> by setting CA_path parameter in the eap->tls section to an *empty* directory
> 
> CA_path = ${raddbdir}/certs/trustedCAs
> 
> should do the trick.
> 
> No trusted CAs mean no trusted client certificates :-)
> 


Clever! Thanks!



- --
==============         +---------------------------------------------+
Martin Gadbois         | "Please answer by yes or no.                |
Sr. SW Designer        | Uncooperative user waste precious CPU time" |
Colubris Networks Inc. | -- The Andromeda Strain, M. Crichton, 1969  |
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGdnyD9Y3/iTTCEDkRApsHAJ4lbCBVKyd7abo3iwPax7p5o6mJmQCgtSnh
XxxNtA3ZkZ1SSz+ulLYKiyo=
=IZ66
-----END PGP SIGNATURE-----



More information about the Freeradius-Users mailing list