On 9 Sep 2015, at 16:51, Matthew Newton <mcn4@leicester.ac.uk> wrote:
On Wed, Sep 09, 2015 at 10:43:34AM -0500, Matt Zagrabelny wrote:
With EAP-TLS, can one reuse the same client cert across multiple devices?
I'm guessing "yes", but would appreciate confirmation.
Yes, FR doesn't care about where the certificate from, only that it's valid.
But then when you need to remove one client from the network, you revoke its certificate and...
...so no, it's not a good idea for several reasons.
Tangentially, is there a way to "pin" a certificate to a client's MAC address?
Yes, with grand illusions of security that don't exist. Until a recent O/S comes along and starts using random MAC addresses, that is.
Ahhh every time I read about it, I start clapping gleefully and making te-he-he noises. Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2