[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: TLS authentication works, but does not check usernames against
From:       Phil Mayers <p.mayers () imperial ! ac ! uk>
Date:       2010-11-30 17:07:20
Message-ID: 4CF52F48.2030508 () imperial ! ac ! uk
[Download RAW message or body]

On 30/11/10 16:55, Andrew Bovill wrote:

>
> It seemed to me that it wouldn't connect if I left the Identity blank,
> so that may be what was confusing me.

Most supplicants will use the "cn=XXX" from the cert as the identity, 
but it really makes sense to ask, because they may not be (often are 
not) the same

> I doesn't seem to me like there would be, but is there any way to have,
> say, a 'guest' certificate, that can be handed out to multiple people
> and be used simultaneously with EAP/TLS?

A certificate is like any other credential; anyone who knows it (or has 
it) can use it.

Whether that's a good idea is another matter; how do you revoke it and 
manage re-issuance once one guest leaves? How do you distinguish between 
their activity? And so on.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]