Certificate-based client side authentication towards a website with freeradius
Martin Schneider
martincschneider at googlemail.com
Wed Jul 1 16:20:23 CEST 2009
Hi Ivan
> Why use radius to check certificates when Apache can do it?
>
> http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html
Thanks for this reply.
We need also authorization. So we want to
1.) check if the certificate is signed by a "trusted ca"
2.) check if the username x in the certificate is "known"
3.) check if the user with name x is authorized to access the service.
For (2 and) 3 I thought we'd need radius. The authorization could be
stored in a database that can be easily modified.
Best regards,
M.
More information about the Freeradius-Users
mailing list