On 8/6/09 12:49, devesh gade wrote:
Hi Alan,
Windows caches the EAPOL credentials for that network after
a successful connection.
Thanks for confirming, I had thought so.
I would like to inform you that I am working on the server side and not
the client side. Hence it is not feasible to change the registry entry of
every client.
You could have a logout script that wipes the EAPOL stuff...
Is there any way to write this logout script at the server side and
execute it at the client?
Also, is there any other way so that the client is asked his
username/password every time he tries to connect to the network?
Is there any change to be made to the eap.conf file in the tls{}
cache{} section so that this problem may be solved?
No. That section has absolutely nothing to do with credential caching. As stated, it controls *session* caching, which is something completely different, and should only be enabled to allow rapid re-authentication.
Nothing you can do server side will stop the supplicant using cached credentials, other than issuing a reject every other authentication attempt (and this only works with Windows, and not reliably); or using an OTP system like the RSA SecurID tokens.
Arran
--
Arran Cudbard-Bell ([email protected]),
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2