(RADIATOR) Incorrect documentation of 5.18.44 EAPTLS_NoCheckId
Jan Tomasek
jan at tomasek.cz
Fri Feb 1 03:16:57 CST 2008
Mike McCauley wrote:
> If EAPTLS_NoCheckId IS set in your configuration file, then Radiator should
> not look up the database for the certificate username.
>
> If EAPTLS_NoCheckId IS NOT set (the case you indicate below), then Radiator
> should look up the certificate in the user database. The logs indicate that
> this is indeed happening, and the user TLS+semik at cesnet.cz is not in the user
> database, so the verification fails.
>
> Or do I misunderstand your problem?
I'm maybe just confused. From the docs I do not see the reason why Radiator is
checking the user database. I guess it's because the whole TLS stuff is closed
in <AuthBy FILE>...
>> documentation of EAPTLS_NoCheckId:
>> > For EAP-TLS authentication, this optional parameter prevents the
>> > comparison of the username with the certificate common name. The
Maybe adding "... certificate common name and user database" might help.
Well, now I know that this is the desired behavior. :)
Best regards
--
-----------------------
Jan Tomasek aka Semik
http://www.tomasek.cz/
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.