EAP-TLS & deny access?

uhel at gmx.net uhel at gmx.net
Mon May 26 23:52:55 CEST 2008


Alan DeKok <aland at deployingradius.com> wrote:
> uhel at gmx.net wrote:
> > how can i deny access to a user (a certificate)? 
> 
>   Set Auth-Type := Reject
> 
> > Is a CRL (with the CA_path and c_rehash stuff) the only possibility to
> > deny access or is it possible to have a *whitelist* (like the CA_path
> > and c_rehash stuff but as a whitelist) with certs that are allowed? 
> 
>   If you don't want the user to be authenticated, why are you issuing
> certificates for them?

because there might be a reason not to trust them anymore.
 
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

So it seems that i have to implement a CRL. 
Thanks for your quick answer.

-- 
regards uHel 



More information about the Freeradius-Users mailing list