Allow EAP-TLS based authentications only

Panagiotis Georgopoulos panos at comp.lancs.ac.uk
Fri Oct 21 18:29:53 CEST 2011


> Panagiotis Georgopoulos wrote:
> > Am I right in thinking that if I leave enabled only the EAP-TLS, the
> > EAP-TTLS and PEAP parts in my eap.conf file, I would basically achieve
> > what I want? In order words, essentially disable md5, leap, gtc,
> > mschapv2 in the eap.conf.
> 
>   To allow only EAP-TLS, simply delete every *other* subsection from the
> eap configuration.  You don't need TTLS, and you don't need PEAP.

Perhaps I wasn't very clear. I want to allow any TLS *based* authentications
to occur, that is, any authentication that establishes a TLS tunnel and
passes its credentials over it. 

If I am right, TTLS and PEAP belong to this category, thus I need them! So,
if I configure only EAP-TLS, TTLS and PEAP in eap.conf, I should be ok,
right?

Cheers,
Panos









More information about the Freeradius-Users mailing list