EAP-TLS with different CA per user?
SecureW2 (List)
list at securew2.com
Sat Jun 7 12:48:55 CEST 2008
Frank,
It is not really a configuration issue, but more an Identity Management
issue.
It is not common to have a CA per user, but a CA per domain. And per domain
you have users.
So:
User X from domain A has CA 1.
User Y from domain B has CA 2.
If this is what you are trying to achieve you can simply set up a
configuration per domain/realm of these users.
Regards,
Tom
> -----Original message-----
> From: freeradius-users-bounces+list=securew2.com at lists.freeradius.org
> [mailto:freeradius-users-bounces+list=securew2.com at lists.freeradius.org]
> On behalf of Frank Sweetser
> Sent: Friday 6 June 2008 20:07
> To: freeradius-users at lists.freeradius.org
> Subject: EAP-TLS with different CA per user?
>
>
> I have a configuration which I need, but haven't been able to figure out how
> to make freeradius do it.
>
> I have two users, A and B, both authenticating over wireless using EAP-TLS.
> User A has a certificate which has been signed by CA X, and B has one signed
> by CA Y.
>
> What I need is to tell freeradius that certificates presented by user A should
> only be checked against CA X, and similarly B only by Y. Putting both X and Y
> in the same CA list won't work in this case due to what appears to be a
> limitation in OpenSSL.
>
> I've been over all the existing docs I can find, and I haven't been able to
> find any way to do this. Anyone have any suggestion what I might try?
>
> --
> Frank Sweetser fs at wpi.edu | For every problem, there is a solution that
> WPI Senior Network Engineer | is simple, elegant, and wrong. - HL Mencken
> GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC
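The per-realm approach suggested in the reply comes down to choosing a single trust anchor from the realm in the identity before the certificate is verified. The script below is an added example, not part of the thread and not FreeRADIUS configuration; it uses the `openssl` command line, and the realm names `domain-a.example` and `domain-b.example`, the file names and the throwaway CAs are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added illustration, not FreeRADIUS configuration: choose the trust anchor
# from the realm in the EAP identity, then verify against that CA only.
# Realm names, file names and the throwaway PKI are constructed for the demo.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed CA ($1) and one client certificate ($2) signed by it.
make_ca_and_client() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -days 1 -in "$WORK/$2.csr" -CA "$WORK/$1.pem" \
        -CAkey "$WORK/$1.key" -CAcreateserial -out "$WORK/$2.pem" 2>/dev/null
}

# Realm -> the single CA file trusted for that realm (hypothetical realms).
ca_for_realm() {
    case "$1" in
        domain-a.example) echo "$WORK/CA-X.pem" ;;
        domain-b.example) echo "$WORK/CA-Y.pem" ;;
        *) return 1 ;;
    esac
}

# $1 = identity (user@realm), $2 = client certificate in PEM.
# Returns 0 only if the certificate chains to the CA mapped to that realm.
verify_for_realm() {
    local realm ca
    case "$1" in *@?*) realm=${1##*@} ;; *) return 1 ;; esac
    ca=$(ca_for_realm "$realm") || return 1
    # -no-CApath keeps the system trust directory out of the decision.
    openssl verify -no-CApath -CAfile "$ca" "$2" >/dev/null 2>&1
}

make_ca_and_client CA-X userA   # user A's certificate is signed by CA X
make_ca_and_client CA-Y userB   # user B's certificate is signed by CA Y

for pair in userA@domain-a.example:userA userB@domain-b.example:userB \
            userA@domain-b.example:userA userB@domain-a.example:userB; do
    id=${pair%%:*}; cert="$WORK/${pair##*:}.pem"
    if verify_for_realm "$id" "$cert"; then echo "ACCEPT $id"; else echo "REJECT $id"; fi
done
```

The script checks only which CA issued the certificate; binding the certificate subject to the presented identity is a separate check.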