new conf wrote:
*thank you Stefan, *
/Use that path as
option to --with-sysconf-dir=/
that means, when compiling the radius at installation?
*to Ivan Kalik:*
/
Best advice - don't do that!!! Certificates are *much* safer on a server
than on a USB device - what are you going to do if someone walks off
with it?/
:) yesss I'm with your advice, but if the usb device is a smartcard,
it becoms other thing.. the problem is that I must understand what are
the inpout/output of this device to reach it and extract the information..
ouuf, lonng road!! :(
You can't just mount a smartcard as a mass storage device and access key
data, that would defeat the entire purpose of a smartcard. Managing keys
on a smartcard is one of the problems PKCS11 was developed to address (I
believe you'll also need a driver specific to the smartcard that PKCS11
will load, your smartcard vendor can provide this for you). OpenSSL has
some type of support for PKCS11, exactly what I'm not sure, but that's
the direction you want to head, learn how to configure OpenSSL for
PKCS11. Armed with that information you'll be able to ascertain if the
current OpenSSL support in FreeRADIUS is sufficient to pass that
configuration information down to OpenSSL when it initializes (this
might very well require a code change).
--
John Dennis <[email protected]>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
