Artur Hecker <[EMAIL PROTECTED]> wrote: > if i understand you correctly, you describe a case where the CA-root > certificate and the server certificates are one and the same, don't you?
No, but where the client certificates are signed by the server certificate. In that case, the server (through the certificatge) has already said that the user is ok (by signing the users certificate.) Since that's done, there's not much point in checking a database, to see if the server knows about the user. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html