Hi,
What I am trying to figure out is a way to not only have a certificate,
but a secondary way to verify that that certificate is being used by a
person we allow. If we put a cert onto a machine, we have authenticated
that the cert was trusted. The problem is, coming from a university, we do
not have a way to control a user's machine. So a user could take that
certificate and put it onto a friend's machine. This friend may not be
affiliated and should not have access. So I would like to use the cert as
machine authentication and then follow up with another (username/pass)
using the KRB module.
Is this something that can be done? Has anyone run into a similar problem
and what did they do? I know we could go TTLS and not have a machine
cert, but then we get fears of man-in-the-middle.
Thanks.
-- Walter Reynolds
University of Michigan