Just for fun, there's now a toggle 'require_client_cert' for EAP-TLS too in v3.1.x. https://github.com/FreeRADIUS/freeradius-server/blob/v3.1.x/raddb/mods-avail... RFC5216 The certificate_request message is included when the server desires the peer to authenticate itself via public key. While the EAP server SHOULD require peer authentication, this is not mandatory, since there are circumstances in which peer authentication will not be needed (e.g., emergency services, as described in [UNAUTH]), or where the peer will authenticate via some other means. This should allow EAP-TLS to be run in a similar fashion to https to allow access to support networks. Be interesting to hear people's experiences with it. -Arran
participants (1)
-
Arran Cudbard-Bell