user(name) and EAP-TLS

Alan DeKok aland at
Sat Aug 4 03:15:53 CEST 2012

Klaus Klein wrote:
>>    Which uses certificates for authentication.
> Correct.

  Thanks for the vote of confidence.

  The point of my comment was that it DOESN"T use names && passwords for

> Is it then correct that the 'check_cert_cn' option in eap.conf is the
> only way to prevent anyone on the client side to tamper with the
> identity entry, and thereby avoiding restrictions (e.g. Login-Time) for
> that client?

  That's what check_cert_cn is for.  This is documented.

  Alan DeKok.

More information about the Freeradius-Users mailing list