I've setup freeradius to authenticate users via EAP-TLS. To enforce security I'd like
to check the username contained in the client certificate. Is there a way to do it
based on the SubjectAltName instead of the CN?
The eap.conf knows only the CN based option:
check_cert_cn = %{User-Name}
The SubjectAltName in my certificates contains an email address and is more easily
to handle.
Regards,
Thomas
--
Thomas Kraemmer
