TLS: assigning certificates to username
dump at gmx.info
dump at gmx.info
Sat May 21 09:28:40 CEST 2016
Dear list,
[snip]
> To my knowledge a TLS certificate will contain a username (a NAI) in
> TLS-Client-Cert-Common-Name.
>
> You can always check that if the TLS name does not match the username
> specified, you reject the request?
[snip]
many thanks for the comments.
I activated `check_cert_cn' in eap.conf. Now users can't choose a login
name by their own and so bypass user specific regulations.
Jens
More information about the Freeradius-Users
mailing list