RV> but if I wanted to extract the emailAddress or CN field from the
RV> X509 certificate and authorize it against my LDAP tree
AdK> The limitation isn't the users file.
AdK> It's that extracting the fields from the certificate is hard.
I don't understand. rlm_eap's check_cert_cn must be able to extract the CN from
the user certificate in order to check it against User-Name (or whatever).
Or at least, with check_cert_cn = %{User-Name}, you can substitute User-Name
for an extracted CN for whatever additional lookup you need.
Or am I getting it wrong?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
