EAP-TLS CN Check Question

[David Mitchell]

David Mitchell wrote:

> Is there some other way to accomplish this? I was thinking if perhaps
> the certificate attributes ended up in a place where I could perform
> more thorough unlang comparisons I could get the same effect. The
> authentication eventually passes through the users file, and the
> User-Name and Calling-Station-Id should be available there but I don't
> know if I can access the CN or other certificate attributes there. Does
> anybody know if this is possible?

I've encountered a similar issue I'm not sure how to deal with. Is there
a place I can log any attributes of the certificate? I log my accounting
records via linelog, and as long as the configuration I end up with
forces something reasonable into the User-Name value I do log a
username. But it occurs to me it might be nice to have some kind of
record of the certificate which was used. Either the CN, or serial
number, or something. Is there a way to do this?

-David Mitchell



-- 
-----------------------------------------------------------------
| David Mitchell (mitchell at ucar.edu)       Network Engineer IV  |
| Tel: (303) 497-1845                      National Center for  |
| FAX: (303) 497-1818                      Atmospheric Research |
-----------------------------------------------------------------