Hi,
One thing I'd like to achive in the "EDUROAM"-responsible RADIUS "router" (server) is to make sure that *only* EAP-TTLS requests are forwarded to the RADIUS server doing the real user authentication.
the inner, or the whole request? if only the inner, then please note that this will break new EAP RFCs
Ie, I would like to make sure that it will reject requests that come in from the outside with user+password stuff sent in cleartext.
(And also make sure itself won't send out such requests). ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
visitors to your site might be using any type of EAP - thats down to their home site...so you'll have to let all EAP out..once again, as previous answer, in plain user/auth, there are many fields missing... but what kit at your site would even be attempting a plain user/pass login? alan