Martin, You are correct that you need modified TLS library, EAP module and GUI for configuration EAP parameters integrated with each client. It is quite feasible with Firefox. The modified library, EAP module (library) can be made as patch to Firefox and Microsoft IE is another story. Thanks, Jay On Thu, Jul 9, 2009 at 2:56 AM, Martin Schneider<martincschneider@googlemail.com> wrote:
Helllo Jay
The Internet Draft address what you described in web client/Apache server and mail client and mail server applications. The TLS-EAp extension is leveraging existing user credential and profile in AAA server. In addition, you have flexibility to choose different authentication method using EAP. You can use token based authentication or client Certificate based authentication.
What I still do not understand completely is the Client side integration into existing software, e.g. Firefox which has its own TLS implementation. So, theoretically you need to modify the TLS implementation of each Client program that it can handle the InterimAuth Message and forward the following EAPMessages to the EAP-Infrastructure.
What kind of mail client/mail server and web client/web server are you using?
Well I think we'll use Firefox / Apache2.
Best Regards Martin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html