Post-Auth LDAP with computer names rather than usernames
Alan DeKok
aland at deployingradius.com
Sat Oct 20 00:20:12 CEST 2018
On Oct 19, 2018, at 5:45 PM, Hans-Christian Esperer <hc at hcesperer.org> wrote:
>
> On Fri, Oct 19, 2018 at 10:39:33PM +0100, Matthew Newton wrote:
>> Never said it was a good replacement, just a close approximation.
>>
>> Sometimes you have to work with what you've got.
>
> I don't agree that it is an approximation, let alone a close one.
You're welcome to your opinion. Unfortunately, your opinion can't change reality.
The issues you bring up have been known for years, if not decades.
> TBH, I don't understand at all why MAC addresses are used everywhere in
> security relevant contexts. All these wifi "portals" are fundamentally flawed
> because of this.
Because it's all we have. As Matthew said, we're limited by what we have.
We *cannot* upgrade tens of millions of access points and end devices. So any *realistic* security solution uses the available tools to come up with the best possible solution, given the limitations we have.
Denying that is a fools dream.
Alan DeKok.
More information about the Freeradius-Users
mailing list