No, but where the client certificates are signed by the server certificate.
oh.. so theoretically the server needs a "special" server certificate enabling it to sign something, right? (with the right extensions, etc.)
In that case, the server (through the certificate) has already said that the user is ok (by signing the user's certificate). Since that's done, there's not much point in checking a database, to see if the server knows about the user.
yes ok. but if you just want to block a user for a while, you can still apply the rest of the authorization, right?
i think my problem is that i don't really know who does what in the setup you present. rlm_eaptls checks the certificate - if it is signed by the server's certificate then the user is granted access - independently of what?
ciao artur
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

