Freeradius + EAP-TLS + LDAP

Sven Hartge sven at svenhartge.de
Tue Apr 19 17:39:48 CEST 2011


Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> On 19/04/11 15:24, Sven Hartge wrote:
>> Alexandros Gougousoudis <gougousoudis-list at servicecenter-khs.de> wrote:

>>> The users should be checked by uid and the password should be
>>> checked, but I have of course no cleartext-password in my LDAP, they
>>> are all crypt or MD5 (depends on tree).
>>
>>> Is this possible or not?
>>
>> No, impossible.
>>
>> If you want to use LDAP to authenticate your users, you _need_ a
>> cleartext password somewhere.

> Hang on - the OP said he wanted to do EAP-TLS.

> For EAP-TLS there is no inner-auth, and no passwords.

Ah, yes. But he also wrote about checking the password.

EAP-TLS uses client certificates, no user password involved.

Regards,
S°

-- 
Sigmentation fault. Core dumped.



