Re: EAP and server certificate
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Damjan wrote: > Just to be sure, all EAP types require the radius server to have a > certificate right? > > and this certificate, i.e. it's parent needs to be installed in the > supplicants, right? > > No, EAP-MD5, EAP-GTC, EAP-SecurID and a few others don't need certificates. - -- Arran Cudbard-Bell ([EMAIL PROTECTED]), Authentication, Authorisation and Accounting Officer, Infrastructure Services (IT Services), E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT DDI+FAX: +44 1273 873900 | INT: 3900 GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkkdn+gACgkQcaklux5oVKJ0JACfWkEl1yUFiEjn7Kv8FoxA3sih 3e0AoIJK+K45JP28OhrjE+dBYyc1wjFL =5jnV -END PGP SIGNATURE- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP and server certificate
Thanks! I too was thinking on the same lines. Does EAP-GTC work only with Username n Password? Is there anything additional needed? What abt EAP-TTLS with EAP-GTC? Would certificates or anything additional to username and passowrd be required at the client/server side? Any good info on Token card handshake is welcome :) On Fri, Nov 14, 2008 at 9:27 PM, Arran Cudbard-Bell < [EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Damjan wrote: > > Just to be sure, all EAP types require the radius server to have a > > certificate right? > > > > and this certificate, i.e. it's parent needs to be installed in the > > supplicants, right? > > > > > > No, EAP-MD5, EAP-GTC, EAP-SecurID and a few others don't need certificates. > > - -- > Arran Cudbard-Bell ([EMAIL PROTECTED]), > Authentication, Authorisation and Accounting Officer, > Infrastructure Services (IT Services), > E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT > DDI+FAX: +44 1273 873900 | INT: 3900 > GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2 > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.8 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iEYEARECAAYFAkkdn+gACgkQcaklux5oVKJ0JACfWkEl1yUFiEjn7Kv8FoxA3sih > 3e0AoIJK+K45JP28OhrjE+dBYyc1wjFL > =5jnV > -END PGP SIGNATURE- > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP and server certificate
>Does EAP-GTC work only with Username n Password? Yes. >Is there anything additional needed? No. >What abt EAP-TTLS with EAP-GTC? Would certificates or anything additional to >username and passowrd be required at the client/server side? You need also a server certificate and to import CA certificate on the client if it is a self-signed one (using self-signed certificates is recommended). Same applies to all other TTLS methods and PEAP. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
