MAC+EAP authentication

Artur Hecker artur.hecker at gmail.com
Tue Jun 14 07:12:01 CEST 2005


i personally think that it's completely useless.

implementing EAP or MAC authentication, meaning that one of both would
work, is a huge security hole and requiring both is useless since EAP
authentication implicitly filters away everything unauthenticated...

(even if i understand that might be necessary for current WiFi phones,
etc., please be aware that under linux you can actually change the MAC
address with one command...)


ciao
artur


On 6/13/05, Alan DeKok <aland at ox.org> wrote:
> "Jefri bin Dahari" <jeff at mimos.my> wrote:
> > I plan to implement simultaneous MAC+EAP authentication for my wireless
> > users. From my observation, Freeradius can only do either MAC or EAP but not
> > MAC and EAP authentication. Can somebody gives me some hints on how to do
> > that?
> 
>   It can do both.  EAP is authentication, MAC checking isn't really
> authentication.
> 
>   What are you seeing in RADIUS packets, and what do you want to happen?
> 
>   Alan DeKok.
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>




More information about the Freeradius-Users mailing list