Re: TTLS with Mutual Authentication
Zolotov, Eyal wrote:
> By ‘mutual authentication’ I refer to the following authentication process:
>
> 1. The client authenticates the server
Give the client the CA cert used to sign the server cert.
> 2. The server authenticates the client
Create a client cert, signed by the server cert.
> 3. Only then – the client sends username + password using MSCHAPv2
In unlang, set:
    update control {
        EAP-TLS-Require-Client-Cert = yes
    }
This forces the server to validate the client cert, which is normally
not required for TTLS.
Alan DeKok.