Thanks for all clarification about the eap- * configs. How can I mitigate the security issue if I do not use password for personal certificate? On Tue, Aug 21, 2018 at 5:04 AM Nik Mitev <nik.mitev@jisc.ac.uk> wrote:
On 21/08/18 08:01, Denis Mirassou (UT3/DSI) wrote:
If your concern is about to authenticate devices (smartphones) and not users for sure (think of stolen phones), Client certificates should do the job.
If the private key for the client certificate is encrypted and requires a password, you can authenticate the user too and not just the device. That said, most of the time wifi passwords are stored in the phone and not required to connect.
Nik
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Elias Pereira