Check for Certificate AND Username
Alan DeKok
aland at deployingradius.com
Fri Sep 14 17:31:16 CEST 2007
Wolfgang Burger wrote:
> Well, there is another Radius-Server (DRAS, running under VMS,
> controlled by someone else) where all the users are listed.
> I just thought it would be very nice to check for a username/password, to
> make sure that no one gives away his certificate in any way.
Then use EAP-TTLS instead of EAP-TLS. You can then proxy the internal
username/password information. With EAP-TLS, there is no username or
password, so you can't proxy anything.
> And, and this is more important, it is possible that someone is blocked
> on the other server but still has a valid certificate.
> By proxying the request, that user would be blocked.
> Any other idea how to do this?
Revoke the client certificate.
Alan DeKok.