user(name) and EAP-TLS
Klaus Klein
k.klein at gmx.de
Sat Aug 4 11:10:38 CEST 2012
Am 04.08.2012 03:15, schrieb Alan DeKok:
> Klaus Klein wrote:
>>> Which uses certificates for authentication.
>> Correct.
> Thanks for the vote of confidence.
You're welcome. :)
> The point of my comment was that it DOESN"T use names&& passwords for
> authentication.
I did understand this part.
Nevertheless, if I follow the documentation provided with freeradius (e.g. aaa.rst.gz) then authorization comes before authentication.
Also
... an authorization module searches a database ... (/etc/freeradius/users ?)
--- if none of database records for this User-Name matches ... authorization will fail.
Therefore I'm a bit puzzled that if no matching entry in users is found that the authentication still takes place.
I think in that case the behavior contradicts the 'Request Processing' described in aaa.rst.gz
Klaus
More information about the Freeradius-Users
mailing list