Re: Banning users in a nice way...

Arran Cudbard-Bell <A.Cudbard-Bell@sussex.ac.uk> · Wed, 27 Jun 2007 14:15:49 +0100

For your case 1): depends. If there actually is a user cert on the client's 

box and its CN does not contain an @, same as above applies. If their CN does 

contain an @, well, then you are pretty much lost. Shouldn't be many though.

No certs on users boxes, completely vanilla installs... Well as vanilla 

as a students laptop can be ... vanilla + Azureus + Kazza + Spyware

>Not that I can think of. You shouldn't be able to coax a supplicant >onto
>a network by munging authentication (this is a *good* thing).
>josh.

Yes it is I suppose :)

This is what I suspected... I was planning on just sending an 

Access-Accept EAP packet and seeing what happened. But i'm guessing even 

if it did work (due to microsoft supplicant being horribly broken) it 

would go against quite a few RFCs, and wouldn't really make a good case 

study for JRS ;)

Thanks for both your replys :)
--
Arran Cudbard-Bell (A.Cudbard-Bell@sussex.ac.uk)
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900