Certificate-based client side authentication towards a website with freeradius
Jay Xiong
jayxiong007 at gmail.com
Wed Jul 1 21:24:46 CEST 2009
Martin,
If you want to leverage the existing user profiles in the RADIUS
server for authentication, authorization, this Internet Draft TLS-EAP
Extension http://tools.ietf.org/html/draft-nir-tls-eap-06 might be
what you are looking for. Unfortunately, there is no implementation up
to date as far as I know.
I am designing and developing the software for this Internet draft
based on OpenSSL, EAP module from wpa-supplicant and freeradius
client. Please let me know any special requirements if you are
interested in using TLS-EAP Extension.
Thanks,
jay
On Wed, Jul 1, 2009 at 2:14 PM, Alan DeKok<aland at deployingradius.com> wrote:
> Martin Schneider wrote:
>> We need also authorization. So we want to
>>
>> 1.) check if the certificate is signed by a "trusted ca"
>
> That is done by the normal certificate validation process.
>
>> 2.) check if the username x in the certificate is "known"
>
> What does that mean? If the CA signed the certificate, then the
> usename is known. Why would the CA sign a certificate for an unknown user?
>
>> 3.) check if the user with name x is authorized to access the service.
>
> That can be done with RADIUS.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list