Re: [RADIATOR] Radiator + libtnc + tpm platform authentication IMC
On 12.07.2013 11:28, Heikki Vatiainen wrote:
> this sounds like a normal EAP-TLS setup from the RADIUS/EAP server's
> perspective. Please see goodies/eap_tls.cfg for EAP-TLS examples. I do
> not think it matters to the server's side whether the private key is
> stored in a TPM chip or in a file.

Hello,

thanks for the reply. That's right. As far as I know Radiator should support EAP-TNC inside a TTLS tunnel. So the server's side should be fine (not tested yet!). More of a problem is the _Windows_ client-side implementation with appropriate libraries like a TNC-compatible Supplicant, appropriate TSS and in particular an IMC to check platform identity. I am just asking if there are possibly any experiences here with libtnc and an implementation like that, because I'm a little bit lost.

Thanks,
Flo

___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] Radiator + libtnc + tpm platform authentication IMC
On 07/11/2013 07:31 PM, Florian Kabus wrote:
> We would like to authenticate Win 7 endpoints with certificates stored
> on the TPM and thus based on the identity deny or permit access to the
> enterprise network.

Hello Florian,

this sounds like a normal EAP-TLS setup from the RADIUS/EAP server's perspective. Please see goodies/eap_tls.cfg for EAP-TLS examples. I do not think it matters to the server's side whether the private key is stored in a TPM chip or in a file.

Thanks,
Heikki

--
Heikki Vatiainen

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.