Simple EAP flow support!
Diameter K
diametera at gmail.com
Thu Mar 8 18:31:22 CET 2007
Hi Mike/Josh,
Thanks for your replies. Please see my responses below.
On 3/8/07, Michael Griego <mgriego at utdallas.edu> wrote:
> Why exactly do you want to do this instead of using standardized EAP-
> TLS?
Ok I will check if i can use EAP-TLS.
>You'll have to write your own code upates to FreeRADIUS, and I
> know of *no* supplicants that will operate in this fashion. Seems
> like a lot more trouble than using what's already there, especially
> when you get into situations like where the certificate won't fit
> into one EAPOL packet, which is constrained by the MTU.
Say if i use EAP-TLS then is the NAS supposed to store the certificate
of the supplicant.
I think the certificate must alway come from the supplicant. But then
if we have a problem with the MTU, then supplicant stored certificates
cannot be used with EAP-TLS.
> --Mike
>
>
> On Mar 7, 2007, at 12:53 PM, Diameter K wrote:
>
> > Hi All,
> > I want to configure free-radius to handle a simple EAP
> > described below.
> >
> > 1. Radius receives a IDENTITY message. The IDENTITY message
> > contains a encrypted certificate.
> > 2. The server decrypts and validates the Certificate and send out a
> > EAP-Success or EAP-Failure.
> >
> > Is there any way i can configure freeradius to achieve this flow or
> > would i have to modify the code. As i understand the standard
> > flows are much more complicated(with challenge), which i dont want.
> >
> >
> > Thanks & Regards,
> > Shiv
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/
> > users.html
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list