Certificate-based client side authentication towards a website with freeradius
Martin Schneider
martincschneider at googlemail.com
Thu Jul 2 09:16:17 CEST 2009
Hello Jay
> If you want to leverage the existing user profiles in the RADIUS
> server for authentication, authorization, this Internet Draft TLS-EAP
> Extension http://tools.ietf.org/html/draft-nir-tls-eap-06 might be
> what you are looking for. Unfortunately, there is no implementation up
> to date as far as I know.
>
> I am designing and developing the software for this Internet draft
> based on OpenSSL, EAP module from wpa-supplicant and freeradius
> client. Please let me know any special requirements if you are
> interested in using TLS-EAP Extension.
I read the draft you mentioned above and I'm not 100% sure if I
understood it correctly.
So basically spoken the authentication/authorization becomes more of
less independant from the application using this software/draft.
There's an authentication/authorization infrastructure besides client
and service that is generic and can be used for *different* services.
So, e.g. I can use it for authentication/authorization for a
webbrowser towards apache, for a mailclient towards the mailservice
etc.
If it is like that, this sounds pretty amazing and would give us
exactely what we need.
Best regards!
M
More information about the Freeradius-Users
mailing list