eap-tls certificates

[Munroe Sollog]

I'm reading:
http://deployingradius.com/documents/configuration/certificates.html

It mentions,

"You need to edit client.cnf only if you are using EAP-TLS. If not, then
that file can be left as-is."

Though it doesn't say, I'm assuming i need to edit the [req] and [client]
sections?  For the [client] section, do I need an entry for every unique
client I plan on deploying a certificate to?  I'm asking because I don't
understand the emailAddress and commonName fields in this context.

Finally, is there any documentation on how to scale this solution up to
support 15k-20k users?  I'm hoping something like LDAP or RDBMS is an
option?

-- 
Munroe Sollog (He/Him/His)
Network Architect
munroe at lehigh.edu