EAP-TLS and EAP-Identity

David Weidenkopf david+freeradius at weidenkopf.com
Fri May 27 21:14:50 UTC 2022


Hello,

I am trying to understand EAP-TLS configuration. RFC3748 seems to indicate that the identity response can be empty. This makes sense for EAP-TLS, since it is using certificates, so maybe the identity is not useful in that case. I am aware of RFC5080 and it seems to discuss the conflicting requirements around this. 

However, from what I could find on this list about EAP-TLS configuration, the supplicant (wpa_supplicant in this case) is broken if it does not provide an identity.

We control the supplicant and are only trying to integrate with customers using 802.1X with WPA. We don't control their configuration. We have one that insists the identity should be able to be blank.

My interest here is that we use FreeRADIUS for testing our system. Is there a configuration for EAP-TLS that supports a blank or empty Identity?

I appreciate any wisdom anyone can share regarding this.

Regards
David

