TLS authentication works, but does not check usernames against 'users' file.
Phil Mayers
p.mayers at imperial.ac.uk
Tue Nov 30 18:07:20 CET 2010
On 30/11/10 16:55, Andrew Bovill wrote:
>
> It seemed to me that it wouldn't connect if I left the Identity blank,
> so that may be what was confusing me.
Most supplicants will use the "cn=XXX" from the cert as the identity,
but it really makes sense to ask, because they may not be (often are
not) the same
> I doesn't seem to me like there would be, but is there any way to have,
> say, a 'guest' certificate, that can be handed out to multiple people
> and be used simultaneously with EAP/TLS?
A certificate is like any other credential; anyone who knows it (or has
it) can use it.
Whether that's a good idea is another matter; how do you revoke it and
manage re-issuance once one guest leaves? How do you distinguish between
their activity? And so on.
More information about the Freeradius-Users
mailing list