El Domingo, 29 de Junio de 2003 15:47, Alan DeKok escribi�: Then, what do you think, in your opinion, will be the BEST implementation for AAA into wireless networks using FreeRadius? the solution described into EAPTLS.pdf ?
> Daniel <[EMAIL PROTECTED]> wrote: > > Well, i have read the EAPTLS.pdf doc, and here is the problem. This > > document (linked on FreeRadius.org) describes the procedure to make > > digital certificates (OpenSSL) and how to install MANUALLY on each > > machine (clients and on freeradius server). Well, here is my question: > > > > Is posible with FreeRadius to implement a PKI on my network? > > No. > > > i mean, another > > Linux machine making certificates and giving them automatically (or when > > the clients and the FreeRadius server need it), and not to do it manually > > as it is described in the doc. The method of Digital Certificate to do > > AAA with FreeRadius is the best, but make it manually is a bit poor. > > It's also correct. > > The whole purpose of certificates is to validate identity. Why > would you hand out certificates to machines which you haven't > validated? > > It can't be done, and even if it could be done, it would be wrong. > > The server can hand out *temporary* keys for WEP. LEAP does that. > But it does not, and will not, ever hand out identity to clients. > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
