Using X.509 Cert. subject and issuer for authorization with EAP-TLS
arno at natisbad.org
Sun Apr 13 13:09:54 CEST 2008
Alan DeKok <aland at deployingradius.com> writes:
>> - this basically imply doing an additional step of authorization *after*
>> authentication, which is not the way freeradius expects it to be.
> No. The "post-auth" section exists for precisely that purpose.
For attributes, yes. For rcode, no ;-)
Thanks for the other pointers and design proposals, Alan. I'll try to
spend some time on that in the next few days.
More information about the Freeradius-Devel