user(name) and EAP-TLS

Arran Cudbard-Bell a.cudbardb at freeradius.org
Sun Aug 5 10:28:58 CEST 2012


*sigh*

Don't use this configuration with wired 802.1X. As the user's identity is not protected within the tunnel, someone sitting between your machine and the switch could easily switch out identities at the start of 802.1X auth, and use it as a way of performing privilege escalation.

Hm, you should probably verify that the certificate is associated with the username provided. SQL/LDAP xlat would probably do the job.

-Arran
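
An added example, not part of the original post and not FreeRADIUS project code, of the SQL xlat check suggested above: the identity sent in the clear is accepted only if it is the account recorded as owner of the presented certificate. Assumptions: FreeRADIUS 3.x unlang syntax, an SQL module instance named `sql`, the EAP module's `tls` section pointing `virtual_server` at this server, and a hypothetical table `cert_owner (username, cert_cn)`.

```unlang
# Virtual server run by the EAP-TLS module after the client certificate
# has been validated (assumed: virtual_server = check-eap-tls).
server check-eap-tls {
authorize {
	# Look up which account owns the certificate that was presented.
	# cert_owner is a hypothetical table; no matching row expands to
	# an empty string, which never equals a real User-Name.
	if (&User-Name == "%{sql:SELECT username FROM cert_owner WHERE cert_cn = '%{TLS-Client-Cert-Common-Name}'}") {
		update control {
			&Auth-Type := Accept
		}
	}
	else {
		# The identity does not belong to this certificate: reject, so
		# authorisation is never applied to a swapped-in User-Name.
		update control {
			&Auth-Type := Reject
		}
		update reply {
			&Reply-Message := "Identity does not match certificate"
		}
	}
}
}
```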

