Because I want to make sure that the RADIUS accounting logs reflect the user's real identity for forensic purposes.
-Neil -- Neil Johnson Network Engineer Information Technology Services The University of Iowa 319 384-0938 [email protected] > -----Original Message----- > From: Alan Buxey [mailto:[email protected]] > Sent: Thursday, November 11, 2010 10:25 AM > To: Johnson, Neil M > Cc: [email protected] > Subject: Re: [RADIATOR] EAP Forcing outer identity to match inner > identity > > Hi, > > Does anyone have suggestion on how to reject a user if there outer > identity doesn't match their inner identity ? > > why should it? thats why the outerid can be anonymous (granted, > Windows have only > just added that feature in Vista and 7 - but anonymous outer ID has > been in most > EAP clients for a long time.) by enforcing this you force people to > put their real > ID into the open outer id and thus tell remote places who they are. > that shouldnt > be the concern of the remote site - the home site cares because they > are the ones > that authenticate you and validate you. > > alan _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
