On Feb 22, 2016, at 10:46 AM, Sylvain Munaut <s.munaut@whatever-company.com> wrote:
Well my use case is not that simple :) If you're issued a cert you can prove who you are. But then depending on who you proved you were, you're going to be granted / denied access to whatever you're requesting to access.
That has *nothing to do with EAP-TLS*. You're again confusing two unrelated issues.
Do you even read what I write ?
Carefully.
Matthew wrote :
"if you can present a valid certificate then you are permitted to connect."
To which I responded :
""" If you're issued a cert you can prove who you are. But then depending on who you proved you were, you're going to be granted / denied access to whatever you're requesting to access. """
WHERE in that am I mixing things up ?!?
*How* the user authenticated themselves is completely independent of *what* the user is allowed to do. Alan DeKok.