On 12/16/05, Kouji Amemiya <[EMAIL PROTECTED]> wrote: > I was using the certificate published by OpenSSL, I revoked this certificate. > (Herewith, this certificate's information was written on CRL.) > > And I attempted PEAP authentication by this revoked certificate, > but authentication result was "Access-Accept".
For peap you don't use a certificate on the client (better: supplicant) side, so it is not checked. What you seem to have revoked is the certficate the server presents to the supplicant, which has no part in deciding to authorize/authenticate the user. Why the supplicant doesn't refuse the supposedly revoked server certificate would be interesting (you could look into your setup, if the supplicant did check for the latest CRL of the certicate's issuer), but is unresponsive to your original question. Regards, Klaus Hörcher - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html