TLS: assigning certificates to username

A.L.M.Buxey at A.L.M.Buxey at
Fri May 6 13:37:10 CEST 2016


> My main reason for being less than enthusiastic about using CN for NAIs, is because in LDAP (also X509) CN is usually the user's humanly readable name, so you're creating discordant representations of the user.

you have to fix all supplicants then - it seems that if you want to set things nicely, the supplicant
will recognise that as the email address or subjectAltName RFC values etc - but it uses the CN 
for the outer ID by default (if its not set as something else already in the supplicant) - from brief/rapid
testing of some common clients.


More information about the Freeradius-Users mailing list