22 Dec
2016
22 Dec
'16
1:20 a.m.
Good morning all. I've searched a bit and while I found some information about how the client validates the SSID using certificates, it's not entirely clear how to make sure a fake SSID cannot steal user/pass from clients. As per previous mails, we're running EAP method TTLS with PAP 2nd phase against a Kerberos oracle. We're using CA signed wildcard cert for our internal network. Do we need to use a username@domain username structure to validate the realm (I assume using the domain_realm config in /etc/krb5.conf) use SSL to validate the radius server it's communicating with ? Does that also mean we can have multiple domains pointing to multiple realms using seperate realms and domain_realm configurations ? Regards Henti -- --