On 02/04/2013 09:26 PM, Rich Graves wrote: > Well, Europe is about 5 years ahead of US .edu's, so your sense of what's > normal for eduroam is better than mine. I'm surprised, though. If the same > person visits mpifr-bonn and uni-bonn and cam.uk, they might need three > different passwords, and they must accept three different certificates for > three different RADIUS servers. It starts to get less simple, and less secure. > > We simply let guests who don't have eduroam at home on our open > "Registration" SSID. When they log on, PacketFence changes their VLAN (or > firewall rules, if you're running in-line). We find that we need an open SSID > anyway because some devices (mainly gaming consoles and older smartphones) > still do not support WPA2-Enterprise/802.1X. We have also had a few visitors > whose corporate IT security policies prevent them from accepting 802.1X > certificates. > > If you are concerned about guest wireless privacy, consider: > > - Turn on WEP or WPA2-PSK for your Registration SSID (supported by more > devices than WPA2-Enterprise) > - If it's easy to get a Guest account, does encryption really help? An > attacker could ARP-spoof almost as easily. >
Hi Rich, Thanks again for your insight. I agree, an open WLAN it shall be. As captain Adama used to state: "So say we all!" Cheers Jan -- MAX-PLANCK-INSTITUT fuer Radioastronomie Jan Behrend - Rechenzentrum ---------------------------------------- Auf dem Huegel 69, D-53121 Bonn Tel: +49 (228) 525 359, Fax: +49 (228) 525 229 [email protected] http://www.mpifr-bonn.mpg.de ------------------------------------------------------------------------ Die digitale Unterschrift dieser Mail kann durch das Zertifikat der DFN Global Hierarchie überprüft werden: https://ca.mpg.de/certs/root-DGP/deutsche-telekom-ca2-root-cert.der Weitere Informationen zur CA der MPG finden Sie unter: https://ca.mpg.de ------------------------------------------------------------------------
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Free Next-Gen Firewall Hardware Offer Buy your Sophos next-gen firewall before the end March 2013 and get the hardware for free! Learn more. http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
