30 Nov
2010
30 Nov
'10
11:15 a.m.
On 30/11/10 16:10, Andrew Bovill wrote:
It just seems weird that nearly ALL of the suplicants I've used *require* me to give a username/password (or at least an Identifier + password) in addition to the unlocked certificate. Maybe a better question is: What's the point of the username/pass that's also being sent by the supplicant?
Well, the username goes into the EAP-Identity field. For example you might put: user@home.org.com ...and be in a radius roaming federation like eduroam, but your certificate may contain: cn=user,o=Home Org,... ...so you need to be able to specific a username. Password is not used in EAP-TLS; the supplicants I've seen don't ask for it (Windows, MacOS, Linux/NetworkManager, Nokia E-series)