User + X Authentication
Christ Schlacta
lists at aarcane.org
Wed Sep 21 07:54:15 CEST 2011
If you've got sufficient control over CPE and CPE is all sufficiently
capable, you should be doing EAP-TLS authentication anyway. if CPE is
compromised, you can simply reflash, replace the credentials, and revoke
the old ones.
On 9/20/2011 04:18, Raz Muhammad wrote:
>
> Hi,
>
> We are successfully running the following version on our network for
> our DSL users.
>
> FreeRADIUS Version 2.1.7, for host i686-redhat-linux-gnu, built on Mar
> 31 2010 at 00:25:31
>
> Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
>
> FreeRADIUS was compiled with MySQL and radcheck is used for
> authentication along with other relevant tables.
>
> We recently had a scenario where security of a CPE is a concern, and
> using PPP authentication is not enough. Someone suggested using
> Routers mac address along with PPP username/password authentication.
> But this method would relay on getting the router Mac address during
> the PPP negotiation, and it might be coming via the calling-station-id
> attribute, some suggestions are about using EAP and certifcates on the
> router.
>
> I would like to find out what would be the best way to go for extra
> layer of authentication based security while using FreeRADIUS? and how
> can that be done with MySQL?
>
> Regards
>
> Raz
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110920/a1823c87/attachment.html>
More information about the Freeradius-Users
mailing list