Alan DeKok wrote:
> Arran Cudbard-Bell wrote:
> 
>> Yeah, complex sql really can be quite slow, specially when the queries 
>> are being run multiple times for all the rounds required in eap 
>> authentication.
> 
>   If you're using the TLS variants of EAP, you can do:

Except if you're using plain EAP-TLS where there's no inner tunnel IIRC?

I have wondered where it might be sensible to fake a PAP request with 
the certificate details for EAP-TLS. This would provide (I think) quite 
a good way for people to do certificate checking and logging etc.

User-Name = "theCN"
User-Password = "theCN"
FreeRADIUS-Cert-Subject = "cn=theCN,o=Foo,c=GB"
FreeRadius-Cert-Issuer = "ou=ICT,o=Foo,c=GB"
FreeRADIUS-SubjectAltName = "email:[EMAIL PROTECTED]"
FreeRADIUS-SubjectAltName = "email:[EMAIL PROTECTED]"

..etc.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to