AW: understanding

Heinrich, Sebastian S.Heinrich at aos-stade.de
Fri Mar 30 09:21:21 CEST 2012


> From wikipedia, "PEAP is a protocol that encapsulates the Extensible
> Authentication Protocol (EAP) within an encrypted and authenticated
> Transport Layer Security (TLS) tunnel."

> TLS always needs a certificate.

>> There is nothing checked if you don't check the checkbox 'check
>> certificate'.

> It doesn't CHECK for the certificate common name (CN) or certificate
> authority (CA), but it still uses the server certificate to create the TLS
> tunnel.

>> Actually the existing certificates in the certs subdirectory could be
>> deleted but the authentication would work?

> It would, if you DON'T use PEAP. If you ONLY use PAP or MSCHAPv2, then
> you don't need certificates.

But it would work with the standard certificates given in the certs
subdirectory. There is no security improvement by creating new
certificates and using them for PEAP-EAP-MSCHAPv2 when you don't check
them.

Best Regards
Sebastian Heinrich


More information about the Freeradius-Users mailing list