Evan Vittitow wrote:
Alan DeKok wrote:
Evan Vittitow wrote:
I think a large part of my problem is the creation of a Certificate
authority.
Why? See the various 802.1x howto's (pointed to from freeradius.org &
the wiki) for how to create certificates for the server.
Its very possible, that said Certificate authority for Radius could
hypothetically be used layer for IPSec. This being the case, what would
the best strategy be for implementing a PKI CA. Should I make one Cert
for every host? One server host and one client Cert for all hosts?
Different CAs for different Services? How will Mandriva's architecture
change affect this?
You want one certificate for the RADIUS server. For most RADIUS
situations, this is enough. And that certificate shouldn't be used for
anything else.
What do I give the xsupplicant clients?
A username and password, and optionally the CA cert so they can "trust"
the radius server cert.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
