EAP-TLS and user name
A.L.M.Buxey at lboro.ac.uk
Fri Jul 25 14:18:46 CEST 2014
Hi,
> So some explanation about the relation between EAP-TLS and the user store
> would be great...
> Many thanks in advance.
client has a cert. server has a cert. client trusts server cert, server trusts client cert.
it's all certificates.
yes, without further policies in place, if the client has a cert that is known/trusted
by the RADIUS server then they are online. mutual certificate authentication.
the users file is looked at - you see that, with the noops - if you want
to control the user there are methods that use the users file - with freeradius 2 and
3 (especially 3) there is a new TLS handler that allows you to use unlang to
define policies based on items in the client certificate.
you can also use CRL/OCSP to block a client certificate...it is PKI after all..
alan
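
The certificate-based policy mentioned in the reply above, sketched as an added example that is not part of the original message. It assumes FreeRADIUS 3 with `virtual_server = check-eap-tls` enabled in the `tls` section of the eap module, and it ties the supplied User-Name to the CN of the client certificate; the Reply-Message text is constructed.

```unlang
# sites-enabled/check-eap-tls
# Assumption: the eap module's tls section contains
#     virtual_server = check-eap-tls
# so this server is run once the client certificate chain has been
# verified, with the TLS-Client-Cert-* attributes set from the certificate.
server check-eap-tls {
authorize {
	# The certificate is already trusted at this point. Accept only if
	# the identity the supplicant sent matches the certificate's CN;
	# otherwise any holder of a trusted certificate could claim any
	# User-Name in accounting and in users-file lookups.
	if (&User-Name == "%{TLS-Client-Cert-Common-Name}") {
		update config {
			&Auth-Type := Accept
		}
	}
	else {
		update config {
			&Auth-Type := Reject
		}
		update reply {
			# Constructed message text
			&Reply-Message := "User-Name does not match certificate CN"
		}
	}
}
}
```

Without a check like this, the only gate is whether the certificate chains to a CA the server trusts, which is the behaviour the reply describes.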