Question on anonymous identity
Mathieu Simon (Lists)
matsimon.lists at simweb.ch
Thu Jan 7 07:11:12 CET 2016
Hi,
A question surfaced recently while I was reworking a configuration:
By building 3.0 from source I saw that the upcoming 3.0.11 will be
actively logging that anonymous identities should be used* to protect
identities.
I'm not with eduroam, but try to keep an eye on what participating
institutions and others recommend. I see they generally tell users to
set one (where possible). The profile data from cat.eduroam.org also
contains one.
We always recommended students to set an anonymous identity and
profiles/config tools given to them would set it for them, but it wasn't
actively enforced. If the device wasn't configured for sending an
anonymous identity it would still let the device in, if inner-tunnel
authentication and authorization requirements passed.**
So, what is the current take: Would you / Do you (recommend) enforcing
the use of an anonymous identity, resulting in Access-Reject?
Do most enduser wireless devices finally support setting an anonymous
identity these days?
Thanks in advance
Mathieu
*
https://github.com/FreeRADIUS/freeradius-server/commit/ec5cb167dd1de6d3c8e75b04f8b967f473995cee
More information about the Freeradius-Users
mailing list