EAP-TLS & deny access?
uhel at gmx.net
uhel at gmx.net
Mon May 26 23:52:55 CEST 2008
Alan DeKok <aland at deployingradius.com> wrote:
> uhel at gmx.net wrote:
> > how can i deny access to a user (a certificate)?
>
> Set Auth-Type := Reject
>
> > Is a CRL (with the CA_path and c_rehash stuff) the only possibility to
> > deny access or is it possible to have a *whitelist* (like the CA_path
> > and c_rehash stuff but as a whitelist) with certs that are allowed?
>
> If you don't want the user to be authenticated, why are you issuing
> certificates for them?
because there might be a reason not to trust them anymore.
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
So it seems that i have to implement a CRL.
Thanks for your quick answer.
--
regards uHel
More information about the Freeradius-Users
mailing list