[RADIATOR] EAP Forcing outer identity to match inner identity
Johnson, Neil M
neil-johnson at uiowa.edu
Thu Nov 11 10:31:45 CST 2010
Because I want to make sure that the RADIUS accounting logs reflect the user's real identity for forensic purposes.
-Neil
--
Neil Johnson
Network Engineer
Information Technology Services
The University of Iowa
319 384-0938
neil-johnson at uiowa.edu
> -----Original Message-----
> From: Alan Buxey [mailto:A.L.M.Buxey at lboro.ac.uk]
> Sent: Thursday, November 11, 2010 10:25 AM
> To: Johnson, Neil M
> Cc: radiator at open.com.au
> Subject: Re: [RADIATOR] EAP Forcing outer identity to match inner
> identity
>
> Hi,
> > Does anyone have suggestion on how to reject a user if there outer
> identity doesn't match their inner identity ?
>
> why should it? thats why the outerid can be anonymous (granted,
> Windows have only
> just added that feature in Vista and 7 - but anonymous outer ID has
> been in most
> EAP clients for a long time.) by enforcing this you force people to
> put their real
> ID into the open outer id and thus tell remote places who they are.
> that shouldnt
> be the concern of the remote site - the home site cares because they
> are the ones
> that authenticate you and validate you.
>
> alan
More information about the radiator
mailing list