eap/tls and central users file
nw at sbs.de
Mon Oct 17 14:45:00 CEST 2005
We use freeradius for eap/tls authentication, where freeradius accepts
every certificate from a certain ca, as long as it is nor revoked.
For this only a minimal users file is neccessary to assign some
attributes to users via a DEFAULT entry.
This works so far without problems.
If we want to allow only certificates with well known CNs to be
accepted, we would have to add them to the users file and add a DEFAULT
with type reject.
Would it be possible, that fr only validates the certificates and
proxies the CN as username to a central fr, that has the complete user db?
If so, how could it be achieved?
More information about the Freeradius-Users