Certificate-based client side authentication towards a website with freeradius
Jay Xiong
jayxiong007 at gmail.com
Wed Jul 8 16:03:36 CEST 2009
Martin,
The Internet Draft address what you described in web client/Apache
server and mail client and mail server applications. The TLS-EAp
extension is leveraging existing user credential and profile in AAA
server. In addition, you have flexibility to choose different
authentication method using EAP. You can use token based
authentication or client Certificate based authentication.
What kind of mail client/mail server and web client/web server are you using?
I am recruiting more volunteers for the project and I will keep you
posted of my progress.
Thanks,
jay
On Thu, Jul 2, 2009 at 3:16 AM, Martin
Schneider<martincschneider at googlemail.com> wrote:
> Hello Jay
>
>> If you want to leverage the existing user profiles in the RADIUS
>> server for authentication, authorization, this Internet Draft TLS-EAP
>> Extension http://tools.ietf.org/html/draft-nir-tls-eap-06 might be
>> what you are looking for. Unfortunately, there is no implementation up
>> to date as far as I know.
>>
>> I am designing and developing the software for this Internet draft
>> based on OpenSSL, EAP module from wpa-supplicant and freeradius
>> client. Please let me know any special requirements if you are
>> interested in using TLS-EAP Extension.
>
> I read the draft you mentioned above and I'm not 100% sure if I
> understood it correctly.
>
> So basically spoken the authentication/authorization becomes more of
> less independant from the application using this software/draft.
> There's an authentication/authorization infrastructure besides client
> and service that is generic and can be used for *different* services.
> So, e.g. I can use it for authentication/authorization for a
> webbrowser towards apache, for a mailclient towards the mailservice
> etc.
>
> If it is like that, this sounds pretty amazing and would give us
> exactely what we need.
>
> Best regards!
> M
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list