Certificate-based client side authentication towards a website with freeradius
Jay Xiong
jayxiong007 at gmail.com
Sat Jul 11 04:55:04 CEST 2009
Martin,
You are correct that you need modified TLS library, EAP module and GUI
for configuration EAP parameters integrated with each client. It is
quite feasible with Firefox. The modified library, EAP module
(library) can be made as patch to Firefox and
Microsoft IE is another story.
Thanks,
Jay
On Thu, Jul 9, 2009 at 2:56 AM, Martin
Schneider<martincschneider at googlemail.com> wrote:
> Helllo Jay
>
>> The Internet Draft address what you described in web client/Apache
>> server and mail client and mail server applications. The TLS-EAp
>> extension is leveraging existing user credential and profile in AAA
>> server. In addition, you have flexibility to choose different
>> authentication method using EAP. You can use token based
>> authentication or client Certificate based authentication.
>
> What I still do not understand completely is the Client side
> integration into existing software, e.g. Firefox which has its own TLS
> implementation. So, theoretically you need to modify the TLS
> implementation of each Client program that it can handle the
> InterimAuth Message and forward the following EAPMessages to the
> EAP-Infrastructure.
>
>> What kind of mail client/mail server and web client/web server are you using?
>
> Well I think we'll use Firefox / Apache2.
>
> Best Regards
> Martin
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list