On Thu, 14 Nov 2002, Bon sy wrote:
> What's the assumption on the OS and wireless cards for supporting EAP-TLS
> authentication. In other words, any standard compatibility issues on using
> any OS and wireless cards as xsupplicants?
>
This is a quote from MS's page, who just released an 802.1x supplicant for Win98, ME, NT and 2K:

http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/8021xclient.asp

IEEE 802.1X is an authentication standard that greatly reduces the security vulnerabilities associated with connections to IEEE 802.11 wireless networks. IEEE 802.1X authentication uses Extensible Authentication Protocol (EAP) to exchange messages during the authentication process. EAP-Transport Level Security (EAP-TLS) is used in certificate-based security environments. It provides the strongest authentication and key determination method. EAP-TLS provides mutual authentication, negotiation of the encryption method, and encrypted key determination between the client and the authenticator.

On the AP, it must be able to contact a RADIUS server, forward the authentication, then pass the unique encryption key to the client after the RADIUS server accepts the client.

On the server side, the RADIUS server has to support the EAP method of authentication, and the specific subset of EAP (TLS in this case) as well. freeradius does this (as long as it's compiled with a beta version of openssl), and Win2K server (with IAS) does this. I am not aware of any other "free" (as in either built-in or GPL) implementation.

As for compatibility, I had problems when using Win2K SP2 with IAS with WinXP client, but that was a few months ago. I tried to compile freeradius along with openssl-0.9.6c, but apparently only 0.9.7 can support the EAP TLS method. There is a way to install openssl unstable for the purpose of linking against freeradius, but I'm not sure I want to do that yet.

Kevin "Starfox" Arima

--
NYCwireless - http://www.nycwireless.net/
Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/
Archives: http://lists.nycwireless.net/pipermail/nycwireless/
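
An added example, not part of the original message or of any project it mentions: a small Python decoder for the EAP packets an AP relays between supplicant and RADIUS server, useful when checking from a capture whether a client took up EAP-TLS (type 13) or refused it with a Nak. The field layout follows RFC 3748 and RFC 5216; the function names and the sample packets are constructed for illustration.

```python
import struct

# Values from RFC 3748 (EAP) and RFC 5216 (EAP-TLS).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS"}
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20  # Length included, More fragments, Start

def parse_eap(pkt: bytes) -> dict:
    """Decode one EAP packet, as carried in EAPOL or in RADIUS EAP-Message attributes."""
    if len(pkt) < 4:
        raise ValueError("EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("EAP Length field does not fit the packet")
    out = {"code": EAP_CODES.get(code, code), "id": ident}
    if code not in (1, 2):          # Success/Failure carry no Type field
        return out
    if length < 5:
        raise ValueError("Request/Response without a Type octet")
    etype, data = pkt[4], pkt[5:length]
    out["type"] = EAP_TYPES.get(etype, etype)
    if etype == 3:                  # Nak: peer lists the methods it would accept
        out["wants"] = [EAP_TYPES.get(t, t) for t in data]
    elif etype == 13:
        if not data:
            raise ValueError("EAP-TLS packet without a Flags octet")
        flags, body = data[0], data[1:]
        out["start"] = bool(flags & FLAG_S)
        out["more_fragments"] = bool(flags & FLAG_M)
        if flags & FLAG_L:          # 4-byte total TLS message length precedes the data
            if len(body) < 4:
                raise ValueError("L flag set but TLS Message Length missing")
            out["tls_total"] = struct.unpack("!I", body[:4])[0]
            body = body[4:]
        out["fragment_len"] = len(body)
    return out

def accepted_eap_tls(packets) -> bool:
    """True if the peer sent an EAP-TLS Response; False if it sent a Nak or never did."""
    for p in map(parse_eap, packets):
        if p["code"] == "Response" and p.get("type") == "Nak":
            return False
        if p["code"] == "Response" and p.get("type") == "EAP-TLS":
            return True
    return False

# Constructed sample exchanges (not captured traffic).
TLS_CLIENT = [bytes.fromhex(h) for h in ("0101000501", "010200060d20", "0203000d0dc00000000a160301")]
NAK_CLIENT = [bytes.fromhex(h) for h in ("0101000501", "010200060d20", "020200060304")]
```

A Nak in reply to the EAP-TLS Start request is what a supplicant without EAP-TLS support sends, which separates a client-side gap from a RADIUS server that never offers type 13 at all.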
