Rejecting EAP-TLS based on cert Subject field

[Matt Garretson]

On 1/27/2011 1:14 PM, Alan Buxey wrote:
> you are authenticating...and then rejecting in the post-auth
> stage.   you really need to break the process in the authentication
> stage.



Thanks.  That's actually my goal.  But unlang isn't allowed in
authenticate{}, and my attempts to sneak it into the authentication
phase via the tls{} section in eap.conf didn't seem to work.

Any other ways to do it?

I'd thought of using rlm_perl, but couldn't see that the cert fields are
passed to the module.

Thanks,
-Matt