Alan DeKok aland at deployingradius.com
Wed Mar 26 14:45:35 CET 2014

Nick Lowe wrote:
> 2) Identity spoofing would not be able to occur via the EAP outer
> identity, given the first requirement.

  The outer identity is required to be anonymized in many EAP methods.
So it should be "anonymous", or "anonymous at example.com", or
"@example.com".  Anything else is probably wrong.

  FreeRADIUS could arguably look for that, and issue warning messages if
it wasn't seen.

  Alan DeKok.

More information about the Freeradius-Users mailing list