21 May
2016
21 May
'16
3:28 a.m.
Dear list, [snip]
To my knowledge a TLS certificate will contain a username (a NAI) in TLS-Client-Cert-Common-Name.
You can always check that if the TLS name does not match the username specified, you reject the request?
[snip] many thanks for the comments. I activated `check_cert_cn' in eap.conf. Now users can't choose a login name by their own and so bypass user specific regulations. Jens