Using X.509 Cert. subject and issuer for authorization with EAP-TLS

[Arnaud Ebalard]

Hi,

Alan DeKok <aland at deployingradius.com> writes:

>> - this basically imply doing an additional step of authorization *after*
>>   authentication, which is not the way freeradius expects it to be.
>
>   No.  The "post-auth" section exists for precisely that purpose.

For attributes, yes. For rcode, no ;-) 

Thanks for the other pointers and design proposals, Alan. I'll try to
spend some time on that in the next few days.

Cheers,

a+