Certificate-based client side authentication towards a website with freeradius

Martin Schneider martincschneider at googlemail.com
Thu Jul 2 09:16:17 CEST 2009


Hello Jay

> If you want to leverage the existing user profiles in the RADIUS
> server for authentication, authorization, this Internet Draft TLS-EAP
> Extension http://tools.ietf.org/html/draft-nir-tls-eap-06 might be
> what you are looking for. Unfortunately, there is no implementation up
> to date as far as I know.
>
> I am designing and developing the software for this Internet draft
> based on OpenSSL, EAP module from wpa-supplicant and freeradius
> client. Please let me know any special requirements if you are
> interested in using TLS-EAP Extension.

I read the draft you mentioned above and I'm not 100% sure if I
understood it correctly.

So basically spoken the authentication/authorization becomes more of
less independant from the application using this software/draft.
There's an authentication/authorization infrastructure besides client
and service that is generic and can be used for *different* services.
So, e.g. I can use it for authentication/authorization for a
webbrowser towards apache, for a mailclient towards the mailservice
etc.

If it is like that, this sounds pretty amazing and would give us
exactely what we need.

Best regards!
M



More information about the Freeradius-Users mailing list