[RADIATOR] question about machine based authentication

Joy Veronneau jv11 at cornell.edu
Thu Dec 8 16:31:48 CST 2011


Hmm, but EAPTLS_NoCheckId also doesn't check that the cert name matches
the computer name. Seems like I would want the cert name checked?
Is there a way I can still check the cert name?

Sorry to have so many questions...

Thanks,
Joy

On 12/8/11 5:26 PM, "Heikki Vatiainen" <hvn at open.com.au> wrote:

>On 12/09/2011 12:15 AM, Joy Veronneau wrote:
>
>> But if I do that, I will still have to have the names of the machines in
>> the tls_anon file, wouldn't I?
>
>Good point, I overlooked that part. Please see ref.pdf section "5.20.46
>EAPTLS_NoCheckId". You can turn off the name check.
>
>Thanks!
>Heikki
>
>> Thanks,
>> 
>> Joy
>> 
>> On 12/8/11 5:07 PM, "Heikki Vatiainen" <hvn at open.com.au> wrote:
>> 
>>> On 12/07/2011 11:42 PM, Joy Veronneau wrote:
>>>
>>> Hello Joy,
>>>
>>>> I am still working on my machine based authentication config.
>>>>
>>>> Config1 (below) works fine but requires that the names of the machines
>>>> be listed in the file tls_anon.
>>>
>>> Try with something like this:
>>> <Handler ...>
>>>   AuthByPolicy ContinueWhileAccept
>>>   AuthBy file-tls
>>>   AuthBy external-adcert
>>> </Handler>
>>>
>>> With the above EAP-TLS will run first and when it is done and returns
>>> ACCEPT, the AuthBy EXTERNAL extra check will run determining the outcome
>>> of the whole authentication process.
>>>
>>> Please let us know of your results


