On Fri, 23 Feb 2018, hw wrote:
There are devices that are using PXE-boot and require access to the company LAN. If I was to allow PXE-boot for unauthenticated devices, the whole thing would be pointless because it would defeat any security advantage that could be gained by requiring all devices and users to be authenticated: Anyone could bring a device capable of PXE-booting and get network access.
I'd hope that you could involve TPM in this game. PXE to unauthenticated VLAN, boot an OS that could then use TPM to pull out a credential to authenticate to the network and switch to another VLAN.
As a customer visting a store, would you go to the lengths of configuring your cell phone (or other wireless device) to authenticate with a RADIUS server in order to gain internet access through the wirless network of the store?
No, I'd never offer wireless network access this way. Typically, you either offer it unauthenticated, or you provide it via a captive web portal. jh _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
