List: freeradius-users
Subject: Re: TLS authentication works, but does not check usernames against
From: Phil Mayers <p.mayers () imperial ! ac ! uk>
Date: 2010-11-30 17:07:20
Message-ID: 4CF52F48.2030508 () imperial ! ac ! uk
On 30/11/10 16:55, Andrew Bovill wrote:
>
> It seemed to me that it wouldn't connect if I left the Identity blank,
> so that may be what was confusing me.
Most supplicants will use the "cn=XXX" from the cert as the identity,
but it really makes sense to ask, because they may not be (often are
not) the same.
> It doesn't seem to me like there would be, but is there any way to have,
> say, a 'guest' certificate, that can be handed out to multiple people
> and be used simultaneously with EAP/TLS?
A certificate is like any other credential; anyone who knows it (or has
it) can use it.
Whether that's a good idea is another matter; how do you revoke it and
manage re-issuance once one guest leaves? How do you distinguish between
their activity? And so on.