moving from WPA2 to WPA2 Enterprise

Stefan Winter stefan.winter at restena.lu
Wed Jun 24 08:19:07 CEST 2015


Hi,

> The required software is used for many years by many people. For
> example various universities provide it with their eduroam program to
> enable their students and employees to use EAP-TTLS. Just do a quick
> google for "SecureW2" and even the first two pages list plenty of
> known universities.

Who have all stopped doing this because SecureW2 is throwing
cease-and-dedists against them for using the GPL version of the SecureW2
client.

Beware.

Greetings,

Stefan Winter

> 
> But if you still don't want to use it: Why not using EAP-TLS? It's not
> tunneled but supported by nearly everything, even Windows XP. And if
> you want it to be very secure you could require users to enter the
> private key password every time they use it and additionally store the
> key/cert on a smartcard (yubikey neo).
> 
>> What other options are there? My feeling the second best option is to use client certificates. But would I still be able to use openldap in the background?
>> What about revocation lists? How do I take care of them?
> 
> You can add your own OID to your client certificates as Certificate
> Policies (https://www.openssl.org/docs/apps/x509v3_config.html#Certificate-Policies)
> and those can be used by RADIUS / LDAP.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 


-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150624/263ef42a/attachment.sig>


More information about the Freeradius-Users mailing list