On 8/6/09 12:49, devesh gade wrote:
hi alan,
Windows caches the EAPOL credentials for that network after a successful connection. Thanks for confirming,I had thought so.
I would like to inform you that i am working on the server side and not the client side.Hence it is not feasible to change the registry entry of every client.
you could have a logout script that wipes the EAPOL stuff.. is there any way to write this logout script at the server side and execute it at the client? Also,is there any other way so that the client is asked his username/password every time he tries to connect to the network? Is there any change to be made to the eap.conf file in the tls{} cache{} section so that this problem may be solved?
No. That section has absolutely nothing to do with credential caching. As stated it controls *session* caching which is something completely different, and should only be enabled to allow rapid re-authentication. Nothing you can do server side will stop the supplicant using cached credentials, other than issuing a reject every other authentication attempt (and this only works with windows, and not reliably); or using an OTP system like the RSA SecurID tokens. Arran -- Arran Cudbard-Bell (A.Cudbard-Bell@sussex.ac.uk), Authentication, Authorisation and Accounting Officer, Infrastructure Services (IT Services), E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT DDI+FAX: +44 1273 873900 | INT: 3900 GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2