EAP-ttls tunnel inner outer authentication credential management
Arran Cudbard-Bell
A.Cudbard-Bell at sussex.ac.uk
Mon Feb 4 10:21:29 CET 2008
theSnail wrote:
>
>
> Arran Cudbard-Bell wrote:
>> theSnail wrote:
>>> Is there a way to manage in a different way the inner and the outer
>>> authentication credential in an EAP-ttls + PAP tunnel?
>>>
>>> For example, authenticate the outer credential against a file and the
>>> inner against an ldap dir.
>>>
>>> thanks
>>> arjuna
>> Yes, with FreeRADIUS version 2, authentication requests are sent to an
>> 'inner' virtual server; place your ldap module in the authorise stanza
>> of that section, and your file module in the authorise stanza of the
>> outer server.
>>
>> With V1 it's much harder.
>
> I was referring to V1 :( , harder but not impossible?
>
No conditional language in v1, so you can't really select different
modules to be used at different points.
Why do you want to lock down the outer identity anyway? Is it for
accounting purposes or proxying or ...?
Arran
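
The FreeRADIUS 2 split described in the quoted reply, as an added configuration sketch that is not part of the original thread and is not the project's shipped configuration. It assumes a 2.x install where the `files`, `ldap`, `pap` and `eap` module instances are already defined, the `tls` settings for EAP are already in place, and the inner virtual server keeps the name `inner-tunnel`; the configuration keyword is spelled `authorize`.

```conf
# eap.conf (fragment): hand the tunnelled request to a separate virtual server.
# The tls { } section that TTLS depends on is assumed to exist and is not shown.
eap {
    default_eap_type = ttls
    ttls {
        virtual_server = "inner-tunnel"
        # Keep outer attributes out of the tunnel so the inner policy
        # only sees what the client sent inside TLS.
        copy_request_to_tunnel = no
        use_tunneled_reply = no
    }
}

# sites-enabled/default (fragment): outer server.
# It only ever sees the outer identity, which may be anonymous.
authorize {
    files    # outer User-Name is matched against the users file
    eap      # picks up the EAP-Message and starts the TTLS exchange
}
authenticate {
    eap
}

# sites-enabled/inner-tunnel (fragment): inner server.
# It sees the PAP User-Name and User-Password carried inside the tunnel.
server inner-tunnel {
    authorize {
        ldap     # look up the inner identity in the directory
        pap      # sets Auth-Type PAP once a known password was retrieved
    }
    authenticate {
        Auth-Type PAP {
            pap
        }
    }
}
```

Because the two `authorize` sections run against different requests, a policy on the outer identity and a policy on the inner identity can differ without either module seeing the other's credential.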