[RADIATOR] EAP Forcing outer identity to match inner identity

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Thu Nov 11 10:24:44 CST 2010


Hi,
> Does anyone have suggestion on how to reject a user if there outer identity doesn't match their inner identity ?

why should it?  thats why the outerid can be anonymous (granted, Windows have only
just added that feature in Vista and 7 - but anonymous outer ID has been in most
EAP clients for a long time.)   by enforcing this you force people to put their real
ID into the open outer id and thus tell remote places who they are. that shouldnt
be the concern of the remote site - the home site cares because they are the ones
that authenticate you and validate you.

alan


More information about the radiator mailing list