TLS: assigning certificates to username
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Fri May 6 13:37:10 CEST 2016
Hi,
> My main reason for being less than enthusiastic about using CN for NAIs, is because in LDAP (also X509) CN is usually the user's humanly readable name, so you're creating discordant representations of the user.
you have to fix all supplicants then - it seems that if you want to set things nicely, the supplicant
will recognise that as the email address or subjectAltName RFC values etc - but it uses the CN
for the outer ID by default (if its not set as something else already in the supplicant) - from brief/rapid
testing of some common clients.
alan
More information about the Freeradius-Users
mailing list