Certificate-based client side authentication towards a website with freeradius

Martin Schneider martincschneider at googlemail.com
Thu Jul 9 08:56:15 CEST 2009

Helllo Jay

> The Internet Draft address what you described in web client/Apache
> server and mail client and mail server applications. The TLS-EAp
> extension is leveraging existing user credential and profile in AAA
> server. In addition, you have flexibility to choose different
> authentication method using EAP. You can use token based
> authentication or client Certificate based authentication.

What I still do not understand completely is the Client side
integration into existing software, e.g. Firefox which has its own TLS
implementation. So, theoretically you need to modify the TLS
implementation of each Client program that it can handle the
InterimAuth Message and forward the following EAPMessages to the

> What kind of mail client/mail server and web client/web server are you using?

Well I think we'll use Firefox / Apache2.

Best Regards

More information about the Freeradius-Users mailing list