Arran Cudbard-Bell a.cudbardb at freeradius.org
Mon Oct 19 15:44:58 CEST 2015

Just for fun,  there's now a toggle 'require_client_cert' for EAP-TLS too in v3.1.x.



   The certificate_request message is included when the server desires
   the peer to authenticate itself via public key.  While the EAP server
   SHOULD require peer authentication, this is not mandatory, since
   there are circumstances in which peer authentication will not be
   needed (e.g., emergency services, as described in [UNAUTH]), or where
   the peer will authenticate via some other means.

This should allow EAP-TLS to be run in a similar fashion to https to allow access to support networks.

Be interesting to hear people's experiences with it.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20151019/c6fedb41/attachment.sig>

More information about the Freeradius-Users mailing list