Martin, The Internet Draft address what you described in web client/Apache server and mail client and mail server applications. The TLS-EAp extension is leveraging existing user credential and profile in AAA server. In addition, you have flexibility to choose different authentication method using EAP. You can use token based authentication or client Certificate based authentication. What kind of mail client/mail server and web client/web server are you using? I am recruiting more volunteers for the project and I will keep you posted of my progress. Thanks, jay On Thu, Jul 2, 2009 at 3:16 AM, Martin Schneider<martincschneider@googlemail.com> wrote:
Hello Jay
If you want to leverage the existing user profiles in the RADIUS server for authentication, authorization, this Internet Draft TLS-EAP Extension http://tools.ietf.org/html/draft-nir-tls-eap-06 might be what you are looking for. Unfortunately, there is no implementation up to date as far as I know.
I am designing and developing the software for this Internet draft based on OpenSSL, EAP module from wpa-supplicant and freeradius client. Please let me know any special requirements if you are interested in using TLS-EAP Extension.
I read the draft you mentioned above and I'm not 100% sure if I understood it correctly.
So basically spoken the authentication/authorization becomes more of less independant from the application using this software/draft. There's an authentication/authorization infrastructure besides client and service that is generic and can be used for *different* services. So, e.g. I can use it for authentication/authorization for a webbrowser towards apache, for a mailclient towards the mailservice etc.
If it is like that, this sounds pretty amazing and would give us exactely what we need.
Best regards! M - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html