In other words, EAP-TTLS/EAP-TLS isn't actually supported in freeRADIUS?
If you're going to be an idiot, you can be unsubscribed from this list.
It takes one to know one. I'd stop acting DeCock if I were you though.
-
List info/subscribe/unsubscribe? See
Networks, no matter how secure, can be compromised. As I pointed out
previously - one can never be too careful.
You're not smart if you regurgitate trite phrases.
And you are not smart either when you start throwing insults around.
You're smart if you spend the time to
MD5 is broken.
Thanks for the public service announcement.
Pleasure!
Do you seriously think the IETF, and the people responsible for RADIUS
protocol evolution, aren't aware of this?
Seriously, what would you like us to do exactly? Travel back in time
to the mid 1990s and re-do the first
No. WAP == Wireless Access Point.
Noted, thanks.
indeed the case - the client will be a Linux-based device with
wpa_supplicant and a driver which supports nl80211/cfg80211, so I can
configure - at least on the client's part - EAP-TTLS/EAP-TLS
authentication. My aim is to do the same on AP
Why don't you try reading about EAP and 802.1X too?
I did.
Interesting, noted. It would be nice if this works in a similar way as the SSL
handshake works - this is very secure, tested and already established in the
real world.
Of course it does, it's using TLS...
Thank you.
I am trying to set up freeRADIUS server implementing (wireless) user
authentication (running wpa_supplicant) via AP (running hostapd).
After reading various howto's and documentation as well as looking at
numerous sources on the Internet, I can't see a way in which the AP is
authenticated to
After reading various howto's and documentation as well as looking at
numerous sources on the Internet, I can't see a way in which the AP is
authenticated to the RADIUS server by using only its certificate
attributes (CN, Subject, Issuer etc) - it seems that freeRADIUS always
needs some sort of
In other words, EAP-TTLS/EAP-TLS isn't actually supported in
freeRADIUS?
It is. I believe you misunderstood how RADIUS works.
Maybe, considering I've been reading about RADIUS for just over 2 days...
The connection between the AP (called NAS in RADIUS) and the
RADIUS-Server is only
Addition: The first FreeRADIUS version to include native RADsec support
will be 3.0. To use it with a version below that, you usually proxy your
normal RADIUS request through a software like radsecproxy.
Very interesting indeed. How about tunnelling (via ssh for example) - is
that a similar
so it is, you can only protect your AP client with the shared secret key.
Not necessarily. If the switch to which the WAP is connected supports
802.1x, it could act as a NAS and authenticate the WAP with EAP/TLS.
By WAP I take it you mean the wireless client, right? If so, this is
No, the shared secret is not transmitted over the wire.
For additional information see RFC2865, §2:
When a password is present, it is hidden using a method based on the
RSA Message Digest Algorithm MD5. (see RFC131).
MD5 is broken.
My question still remains though - since this is a
Well, if you cannot trust your own internal network, then you have other
problems than securing your RADIUS authentication.
Networks, no matter how secure, can be compromised. As I pointed out
previously - one can never be too careful.