> From: Artur Hecker [mailto:[EMAIL PROTECTED]] > Sent: den 20 november 2002 14:51 > To: [EMAIL PROTECTED] > Subject: Re: eap_identity or username attribute? (to Artur and lars)
> so you want the rlm_eap_tls to check if eap_id = certified identity, > right? sounds very reasonable for me, but in some weird way, > Windows XP > gives the possibility to use a certificate and explicitely > type in some > name which has to be put in eap_identity then. What wierd way are you refering to? Is it the "Use a different user name for the connection" check box you are talking about or something else? > so we probably shouldn't verify that... But if you don't verify that the User-Name (or EAP identity, if you have already verified that the User-Name and EAP identity is the same) corresponds to the certificate then any authorization or accounting is basically meaningless. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
