On 30/11/10 16:10, Andrew Bovill wrote:
It just seems weird that nearly ALL of the suplicants I've used
*require* me to give a username/password (or at least an Identifier +
password) in addition to the unlocked certificate. Maybe a better
question is: What's the point of the username/pass that's also being
sent by the supplicant?
Well, the username goes into the EAP-Identity field. For example you
might put:
u...@home.org.com
...and be in a radius roaming federation like eduroam, but your
certificate may contain:
cn=user,o=Home Org,...
...so you need to be able to specific a username.
Password is not used in EAP-TLS; the supplicants I've seen don't ask for
it (Windows, MacOS, Linux/NetworkManager, Nokia E-series)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html