On 29/08/13 13:21, Axel Thimm wrote:
The reason I'm not simply applying the patch is that this system is
covered by support by Red Hat and replacing the vendor shipped
freeradius (2.1.12) with a self-compiled one voids the support. So any
other solution that would allow me to keep the system under support
and still be able to check the certs Subject/CN would be great!
Ask RedHat? Since it's "supported"...
Otherwise, you could look at the "verify { }" stanza of the "tls { }"
block in eap.conf; this allows you to run an external script once you've
got the client cert, and there you can write any code you want to access
the various issuer/subject fields.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
