On 30/11/10 16:55, Andrew Bovill wrote:
It seemed to me that it wouldn't connect if I left the Identity blank, so that may be what was confusing me.
Most supplicants will use the "cn=XXX" from the cert as the identity, but it really makes sense to ask, because they may not be (often are not) the same
I doesn't seem to me like there would be, but is there any way to have, say, a 'guest' certificate, that can be handed out to multiple people and be used simultaneously with EAP/TLS?
A certificate is like any other credential; anyone who knows it (or has it) can use it.
Whether that's a good idea is another matter; how do you revoke it and manage re-issuance once one guest leaves? How do you distinguish between their activity? And so on.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html