17 Oct
2005
17 Oct
'05
8:45 a.m.
We use freeradius for eap/tls authentication, where freeradius accepts every certificate from a certain ca, as long as it is nor revoked. For this only a minimal users file is neccessary to assign some attributes to users via a DEFAULT entry. This works so far without problems. If we want to allow only certificates with well known CNs to be accepted, we would have to add them to the users file and add a DEFAULT with type reject. Would it be possible, that fr only validates the certificates and proxies the CN as username to a central fr, that has the complete user db? If so, how could it be achieved? Norbert Wegener