23 Oct
2007
23 Oct
'07
3:23 a.m.
Zolotov, Eyal wrote:
By ‘mutual authentication’ I refer to the following authentication process:
1. The client authenticate the server
Give the client the CA cert used to sign the server cert.
2. The server authenticate the client
Create a client cert, signed by the server cert.
3. Only than – the clients sends username + password using MSCHAPv2
In unlang, set: update control { EAP-TLS-Require-Client-Cert = yes } This forces the server to validate the client cert, which is normally not required for TTLS. Alan DeKok.