fails.
How can re-map such `User-Names'? I've tried to create realm with
LOCAL mapping, but it doesn't help much :(
It seems, that eap-tls `xlat' user-name before check, but xlat is not
well-documented :(
--
// Lev Serebryakov
-
List info/subscribe/unsubscribe? See http
Michal Prochazka wrote:
I'm open for every remark and enhancement of this patch.
IMHO, it is very breakable script: it compare only strings (issuer
name, subject, etc), which can be forged easily. IMHO, we need to check
sha1/md5 signatures of CA certificates, not strings.
--
// Lev
Michal Prochazka wrote:
I'm open for every remark and enhancement of this patch.
BTW, here is `CA_file' parameter in `tls' module, so CA certificate
know to us. And we can check this CA without any external script
--
// Lev Serebryakov
-
List info/subscribe/unsubscribe? See http
, I've missed your point, sorry.
This patch is against using some (for example, e-mail signing)
certificate (issued by proper CA!) as wireless client's one, am I right
on second try? :)
--
// Lev Serebryakov
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
4 matches
Mail list logo