Daniel <[EMAIL PROTECTED]> wrote:
> Well, I have read the EAPTLS.pdf doc, and here is the problem. This document
> (linked on FreeRadius.org) describes the procedure to make digital
> certificates (OpenSSL) and how to install MANUALLY on each machine (clients
> and on freeradius server). Well, here is my question:
> 
> Is it possible with FreeRadius to implement a PKI on my network?

  No.

> I mean, another
> Linux machine making certificates and giving them automatically (or when the
> clients and the FreeRadius server need it), and not to do it manually as it
> is described in the doc. The method of Digital Certificate to do AAA with
> FreeRadius is the best, but making it manually is a bit poor.

  It's also correct.

  The whole purpose of certificates is to validate identity.  Why
would you hand out certificates to machines which you haven't
validated?

  It can't be done, and even if it could be done, it would be wrong.

  The server can hand out *temporary* keys for WEP.  LEAP does that.
But it does not, and will not, ever hand out identity to clients.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
