> Hi,
> I'm actually wanting the per-user WEP key to stay static accross a user's sessions. So I want per-user weps, but not rotating them. Does this make any sense?
>
> Thanks,
> John
no, because you want the wep key(s) to be created/delivered by freeradius at least once. from this point on, it does not make any difference if you do it daily or only once in a lifetime.
the problem is the key management. and giovanni is basically right that without using a key management you can't have one in the first place.
you have to use EAP. the best for what you want to do, is something which wouldn't oblige you to deploy complicated things on the user equipment. that basically throws EAP/TLS out of competition. if you use cisco equipment, try LEAP. it is supported by freeradius and is basically user+password. client software from cisco runs under each windows version.
peap or ttls would be nice too. i don't think they are already supported by freeradius though, but it seems to be in development.
ciao artur
[EMAIL PROTECTED] wrote on 06/12/2003 09:53:20 AM:
In a nutshell, can a Cisco Aironet 350 Access Point accept a per- user WEP key from Freeradius (and can Freeradius serve it one)?
Well, you're trying to re-invent EAP without actually using EAP. Can't get there from here; if you want the security of per user rotating WEP keys, you _have_ to do some form of eap (leap, peap, eap-tls, etc.).
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
