3 Aug
2010
3 Aug
'10
3 p.m.
Sallee, Stephen (Jake) wrote:
The various EAP methods *should* have tied usernames (i.e. domains) to a field in the certificate. e.g. a cert with CN "radius@example.com" should be sent logins for "user@example.com", but NEVER sent logins for "user@example.net"
How does this workout with child domains? For example: I have two domains 1) umhb.edu and 2) Cru.umhb.edu. "Cru" is a child of "umhb.edu", if I get a single cert for FreeRADIUS.umhb.edu will it be ok for authenticating users on both umhb.edu AND Cru.umhb.edu?
I said it SHOULD have been that way. It doesn't work that way now. There is NO tying of certificate CNs to user names. Alan DeKok.