Hi.
Is there in pppd an option to specify that we want the peer to
authenticate us using EAP, and to refuse to continue if it does not
request us?
I need it to perform an eap-tls authentication.
On Thu, Feb 24, 2005 at 11:37:29AM -0500, James Carlson wrote:
Is there in pppd an option to specify that we want the peer to
authenticate us using EAP, and to refuse to continue if it does not
request us?
You'd do it with refuse-pap refuse-chap refuse-mschap
refuse-mschap-v2.
Sorry, I
[EMAIL PROTECTED] writes:
You'd do it with refuse-pap refuse-chap refuse-mschap
refuse-mschap-v2.
Sorry, I made the question in a wrong manner.
I don't want to tell the peer what authentication to do if necessary, but
I want to tell it that I want to authenticate myself (and with EAP),
On Thu, Feb 24, 2005 at 09:43:11AM -0800, Bill Unruh wrote:
He understood you perfectly. That is precisely what the refuse-... do,
except that you cannot force the other side to authenticate you.
This is what I wanted to know.
If you
want them to authenticate themselves to you then you
On Thu, Feb 24, 2005 at 01:15:54PM -0500, James Carlson wrote:
Because I've written a patch to pppd that permits eap-tls authentication.
eap-tls provides mutual authentication, so if you (client) connect to a
server, you want to be sure of its identity, so the authentication can't be
[EMAIL PROTECTED] writes:
Instead, one side should request it, and the
EAP method *itself* provides mutual authentication.
Ok.
The server must request it.
But if the server doesn't request authentication?
The client will connect to an untrusted server.
We don't want this to happen.
If
On Thu, Feb 24, 2005 at 01:53:20PM -0500, James Carlson wrote:
If it doesn't request it, then, clearly, it doesn't support it or want
to demand it of its peers. If your local policy rules are such that
you won't talk to someone who doesn't initiate authentication, then I
think the best answer
On Thu, 24 Feb 2005 [EMAIL PROTECTED] wrote:
On Thu, Feb 24, 2005 at 01:27:54PM -0800, Bill Unruh wrote:
Then demand that they authenticate themselves to you via eap. If that is
what you want then demand it. Why are you trying to force them into
demanding it from you? I want you to do something.
if I trust him, but we have not authenticated each other,
then it's a problem
If you trust him, then you trust him. If you require authentication then
you do not trust him.
What prevents you from putting
require-eap
into your options file which will result in your eap asking him to
authenticate