Which authentication system?
Alan DeKok
aland at deployingradius.com
Wed Mar 28 08:36:02 CEST 2007
Ian Truelsen wrote:
> Here is what I want to do:
> This is for the marina that I am at and a group of 10 of us wanted
> internet, invested in the hardware and want to be able to access the
> system without logging in or anything like that. For this group, I was
> thinking of EAP-TLS as client side certificates would not be a problem.
> Being a marina, we get people in from time to time - mostly in the
> summer - who are only going to be there for a week or so and just want
> to check email or whatever. For these, I don't want to be dealing with
> client side certs as this raises the amount of time that I have to be
> administering the system exponentially. I was thinking of something
> along the lines of chillispot, but I have never been able to get that
> going, and I don't know whether the two systems can co-exist on the same
> AP.
Yes they can.
> So, does anyone have any thoughts on what would be the best auth system
> to go with?
Use EAP-TLS with client certs for long-term users. Use EAP-TTLS or
PEAP for everyone else. The same server certificate can be used in both
places, for all those EAP types.
You'll have to get the root CA onto their systems, but that's not
difficult.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list