Radius + EAP-TLS + LDAP
Hello! Is it possible to setup EAP-TLS based authentication without using third part CA for signing certificates ? so basically, keep users Public key's (not certificates) in LDAP and make radius to retrieve them from there and authenticate users in this way using just pair of public and private key ? I hope I express clearly what I mean. I am newbie in radius, I did not find any similar topic. best regards Pawel
Paweł Klisiewicz wrote:
Is it possible to setup EAP-TLS based authentication without using third part CA for signing certificates ?
No.
so basically, keep users Public key's (not certificates) in LDAP and make radius to retrieve them from there and authenticate users in this way using just pair of public and private key ?
No. EAP-TLS requires access to the CA key. Having access to the user's public key doesn't help. Alan DeKok.
participants (2)
-
Alan DeKok -
Paweł Klisiewicz