26 Mar
2014
26 Mar
'14
9:45 a.m.
Nick Lowe wrote:
2) Identity spoofing would not be able to occur via the EAP outer identity, given the first requirement.
The outer identity is required to be anonymized in many EAP methods. So it should be "anonymous", or "anonymous@example.com", or "@example.com". Anything else is probably wrong. FreeRADIUS could arguably look for that, and issue warning messages if it wasn't seen. Alan DeKok.