Hi, > If the supplicant is not configured that strictly, at the end of the day it > does not matter if you rolled your own self-signed RADIUS server cert or > you have a cert with its root CA pre-installed.
Actually, It's not quite the same: if the user at least managed to enable to CA checking, then - for a commercial CA, thousands of untrusted hosts match his check - for a self-signed CA, only one server matches - for a dedicated RADIUS Auth CA, only servers within the administrative reach which are trusted to handle user authentications anyway match This *is* a win in security vs. commercial CAs. Stefan -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung & Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473
signature.asc
Description: This is a digitally signed message part.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html