Re: FreeRadius + EAP/TLS + Digital Certificates

El Domingo, 29 de Junio de 2003 15:47, Alan DeKok escribió:

Then, what do you think, in your opinion, will be the BEST implementation for 
AAA into wireless networks using FreeRadius? the solution described into 
EAPTLS.pdf ?


> Daniel <daniel_nagore@xxxxxxxxxxx> wrote:
> > Well, i have read the EAPTLS.pdf doc, and here is the problem. This
> > document (linked on FreeRadius.org) describes the procedure to make
> > digital certificates (OpenSSL) and how to install MANUALLY on each
> > machine (clients and on freeradius server). Well, here is my question:
> >
> > Is posible with FreeRadius to implement a PKI on my network?
>
>   No.
>
> > i mean, another
> > Linux machine making certificates and giving them automatically (or when
> > the clients and the FreeRadius server need it), and not to do it manually
> > as it is described in the doc. The method of Digital Certificate to do
> > AAA with FreeRadius is the best, but make it manually is a bit poor.
>
>   It's also correct.
>
>   The whole purpose of certificates is to validate identity.  Why
> would you hand out certificates to machines which you haven't
> validated?
>
>   It can't be done, and even if it could be done, it would be wrong.
>
>   The server can hand out *temporary* keys for WEP.  LEAP does that.
> But it does not, and will not, ever hand out identity to clients.
>
>   Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html