"Shawn Kennedy" <[EMAIL PROTECTED]> wrote: > Thanks for the heads up. Wasn't aware of such a thing. > I briefly looked at CHAP, but abandoned it for the > obvious reasons. Looking into EAP-TLS, but don't > have a PKI infrastructure set up yet.
EAP-TTLS or PEAP don't require client certs, only server certs. > Just as a side question, is this sort of thing > on FreeRadius's radar screen? radsec? It addresses the server->server problem, not the supplicant login problem. Sure, it's on the radar, but so far there hasn't been much *practical* interest in implementing it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html