other device to store configuration!
John Dennis
jdennis at redhat.com
Thu Apr 2 22:25:00 CEST 2009
new conf wrote:
> *thank you Stefan, *
>
> /Use that path as
> option to --with-sysconf-dir=/
>
> that means, when compiling the radius at installation?
>
> *to Ivan Kalik:*
> /
> Best advice - don't do that!!! Certificates are *much* safer on a server
> than on a USB device - what are you going to do if someone walks off
> with it?/
>
> :) yesss I'm with your advice, but if the usb device is a smartcard,
> it becoms other thing.. the problem is that I must understand what are
> the inpout/output of this device to reach it and extract the information..
> ouuf, lonng road!! :(
>
You can't just mount a smartcard as a mass storage device and access key
data, that would defeat the entire purpose of a smartcard. Managing keys
on a smartcard is one of the problems PKCS11 was developed to address (I
believe you'll also need a driver specific to the smartcard that PKCS11
will load, your smartcard vendor can provide this for you). OpenSSL has
some type of support for PKCS11, exactly what I'm not sure, but that's
the direction you want to head, learn how to configure OpenSSL for
PKCS11. Armed with that information you'll be able to ascertain if the
current OpenSSL support in FreeRADIUS is sufficient to pass that
configuration information down to OpenSSL when it initializes (this
might very well require a code change).
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090402/ea7e7d55/attachment.html>
More information about the Freeradius-Users
mailing list