EAP-TLS without client authentication

tnt at kalik.net tnt at kalik.net
Thu Jan 8 20:08:20 CET 2009

>While WPA and WPA2 does provide for
>data-link encryption, it needs keying material to encrypt the
>communication.  It can use a pre-shared key (PSK) for this purpose,
>but this has the drawbacks of communicating the key to the user and
>configuration on the end users part.

So they don't want PSK.

>The two downsides of this approach is similar to PSKs, in that you
>have to have a mechanism to communicate the configuration information,
>and the configuration is burdensome on the user.  I have proposed this
>solution to hotspot operators whom, after testing, have rejected it as
>too difficult for the user.

And configuring something that Microsoft calls Zero Configuration is too

Use captive portal then.

Ivan Kalik
Kalik Informatika ISP

More information about the Freeradius-Users mailing list