EAP-TLS & deny access?
Hi, how can i deny access to a user (a certificate)? Is a CRL (with the CA_path and c_rehash stuff) the only possibility to deny access or is it possible to have a *whitelist* (like the CA_path and c_rehash stuff but as a whitelist) with certs that are allowed? I'm using Freeradius 1.1.7 with EAP-TLS which works fine so far. I'm not using any SQL or LDAP backend only the *users* file. -- regards uHel
uhel@gmx.net wrote:
how can i deny access to a user (a certificate)?
Set Auth-Type := Reject
Is a CRL (with the CA_path and c_rehash stuff) the only possibility to deny access or is it possible to have a *whitelist* (like the CA_path and c_rehash stuff but as a whitelist) with certs that are allowed?
If you don't want the user to be authenticated, why are you issuing certificates for them? Alan DeKok.
Alan DeKok <aland@deployingradius.com> wrote:
uhel@gmx.net wrote:
how can i deny access to a user (a certificate)?
Set Auth-Type := Reject
Is a CRL (with the CA_path and c_rehash stuff) the only possibility to deny access or is it possible to have a *whitelist* (like the CA_path and c_rehash stuff but as a whitelist) with certs that are allowed?
If you don't want the user to be authenticated, why are you issuing certificates for them?
because there might be a reason not to trust them anymore.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
So it seems that i have to implement a CRL. Thanks for your quick answer. -- regards uHel
participants (2)
-
Alan DeKok -
uhel@gmx.net