14 Sep
2007
14 Sep
'07
11:31 a.m.
Wolfgang Burger wrote:
Well, there is another Radius-Server (DRAS, running under VMS, controlled by someone else) where all the users are listet. I just thougt it would be very nice to check for a username/password, to make sure that noone gives away his certificate in any way.
Then use EAP-TTLS instead of EAP-TLS. You can then proxy the internal username/password information. With EAP-TLS, there is no username or password, so you can't proxy anything.
And, and this is more important, it is possible that someone is blocked on the other server but still has a valid certificate. By proxing the request, that user would be blocked. Any other idea how to do this?
Revoke the client certificate. Alan DeKok.