Disabling EAP-TLS while keeping EAP-PEAP
Martin Gadbois
martin.gadbois at colubris.com
Mon Jun 18 14:37:23 CEST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Reimer Karlsen-Masur, DFN-CERT wrote:
> Hi!
>
> By commenting the CA_file parameter in the eap->tls section:
>
> # CA_file = ${raddbdir}/certs/trusted-ca-cert-list.pem
>
> *and*
>
> by setting CA_path parameter in the eap->tls section to an *empty* directory
>
> CA_path = ${raddbdir}/certs/trustedCAs
>
> should do the trick.
>
> No trusted CAs mean no trusted client certificates :-)
>
Clever! Thanks!
- --
============== +---------------------------------------------+
Martin Gadbois | "Please answer by yes or no. |
Sr. SW Designer | Uncooperative user waste precious CPU time" |
Colubris Networks Inc. | -- The Andromeda Strain, M. Crichton, 1969 |
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGdnyD9Y3/iTTCEDkRApsHAJ4lbCBVKyd7abo3iwPax7p5o6mJmQCgtSnh
XxxNtA3ZkZ1SSz+ulLYKiyo=
=IZ66
-----END PGP SIGNATURE-----
More information about the Freeradius-Users
mailing list