EAP-TLS: restricting CA certificate use to a subset of identities

Alan DeKok aland at deployingradius.com
Mon Jun 28 13:33:27 CEST 2010


Edgar Fuß wrote:
> When using EAP-TLS, is there any sane way of restricting the use of a CA Certificate to a subset of the possible identities? I.e., is it possible to configure a single FreeRADIUS 2 server to accept users @foo.my.domain only if their Certificates are signed with CA-Cert.foo and users @bar.my.domain only if theirs are signed with CA-Cert.bar?

  Not really.  You can configure 2 EAP modules, and have requests for
different domains be handled by different modules.

  Alan DeKok.
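
A sketch of the two-module layout described in the reply above, as an added example that is not part of the original post or of the FreeRADIUS distribution. The instance names eap_foo and eap_bar, the certificate file names, and the use of check_cert_cn are assumptions; it also assumes each eap instance sets Auth-Type to its own instance name in authorize.

```conf
# eap.conf (FreeRADIUS 2.x): one eap instance per CA. File names are placeholders.
eap eap_foo {
	default_eap_type = tls
	tls {
		certdir = ${confdir}/certs
		private_key_file = ${certdir}/server.key
		certificate_file = ${certdir}/server.pem
		CA_file = ${certdir}/CA-Cert.foo.pem   # only this CA is trusted here
		# If CA_path is set, point it at a directory that does not hold the other CA.
		dh_file = ${certdir}/dh
		random_file = ${certdir}/random
		# User-Name is chosen by the client, so tie it to the certificate
		# (assumes the certificate CN equals the User-Name).
		check_cert_cn = %{User-Name}
	}
}
eap eap_bar {
	default_eap_type = tls
	tls {
		certdir = ${confdir}/certs
		private_key_file = ${certdir}/server.key
		certificate_file = ${certdir}/server.pem
		CA_file = ${certdir}/CA-Cert.bar.pem
		dh_file = ${certdir}/dh
		random_file = ${certdir}/random
		check_cert_cn = %{User-Name}
	}
}

# sites-enabled/default: choose the instance by the domain in User-Name.
authorize {
	preprocess
	if (User-Name =~ /@foo\.my\.domain$/) {
		eap_foo
	}
	elsif (User-Name =~ /@bar\.my\.domain$/) {
		eap_bar
	}
	else {
		reject   # no CA is configured for any other domain
	}
}
authenticate {
	Auth-Type eap_foo {
		eap_foo
	}
	Auth-Type eap_bar {
		eap_bar
	}
}
```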


