Using X.509 Cert. subject and issuer for authorization with EAP-TLS

Arnaud Ebalard arno at
Sun Apr 13 13:09:54 CEST 2008


Alan DeKok <aland at> writes:

>> - this basically imply doing an additional step of authorization *after*
>>   authentication, which is not the way freeradius expects it to be.
>   No.  The "post-auth" section exists for precisely that purpose.

For attributes, yes. For rcode, no ;-) 

Thanks for the other pointers and design proposals, Alan. I'll try to
spend some time on that in the next few days.



More information about the Freeradius-Devel mailing list