Certificate-based client side authentication towards a website with freeradius
Alan DeKok
aland at deployingradius.com
Wed Jul 1 20:14:56 CEST 2009
Martin Schneider wrote:
> We need also authorization. So we want to
>
> 1.) check if the certificate is signed by a "trusted ca"
That is done by the normal certificate validation process.
> 2.) check if the username x in the certificate is "known"
What does that mean? If the CA signed the certificate, then the
usename is known. Why would the CA sign a certificate for an unknown user?
> 3.) check if the user with name x is authorized to access the service.
That can be done with RADIUS.
Alan DeKok.
More information about the Freeradius-Users
mailing list