[RADIATOR] Mac OS High Sierra: Reauth issues and/or roaming

Stefan Winter stefan.winter at restena.lu
Mon Feb 26 13:47:06 UTC 2018


Hello,

> Here, at University of Minho, we are struggling with an issue related to
> re-authentication on wi-fi network eduroam

> We would prefer not to use the configuration profiles due to the burden
> it carries itself – we want our infrastructure to allow users to connect
> just by inserting their credentials, what we achieved long time ago and
> want to keep going this way.

You "achieved" subjecting your users to evil twin attacks, which make
them send their password to arbitrary third parties. Congratulations on
that.

You are violating the eduroam policy with that: it is specifically noted
that Identity Providers MUST supply their users with all the information
needed to verify the server identity, which includes the server name and
CA. This can be done using profiles (easiest) or even with manual
instructions on a support web page. Instructing users NOT to do any of
that and just type their username and password, and clicking "Continue"
without verifying the server certificate such as you do on
http://www.scom.uminho.pt/Default.aspx?tabid=8&pageid=368&lang=pt-PT
is unacceptable.

BTW, using a profile would pinpoint the inner method and likely solve
the operational problem at hand. But that's only a collateral of
achieving security.

Greetings,

Stefan Winter

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66