mutual certificate authentication combined with 2nd factor inner authentication

Essen, Hartwig von Hartwig.vonEssen at airbus.com
Wed Dec 2 10:02:59 CET 2009


Due to a limitation also described in 2006 by Matt Brown 
http://www.mattb.net.nz/blog/2006/09/22/requiring-client-certificates-fo
r-eap-ttls-with-freeradius/
we are not able to use 
- mutual certificate authentication between the server and the client in
EAP-TTLS
- in combination with a second factor using inner authentication eg.
EAP-OTP/MSCHAP etc...
According to a suggestion by Matt Brown (link above) a slight change
would correct this. 
Was this suggestion ever communicated to the freeradius project ?
We also plan to use the described combination and would prefer, when
that slight change could be integrated rather than doing a patch.

Hartwig ve




More information about the Freeradius-Users mailing list