> From: [email protected] [mailto:[email protected]] > On Behalf Of Adam Tauno Williams > > On Sat, 2013-04-06 at 00:36 +0000, Edward Ned Harvey (lopser) wrote: > > I believe radius only handles password authentication. > > That's false. Radius supports TLS based authentication, as well as wide > variety of other schemes. > > <http://www.wmmi.net/documents/WirelessEAPRADIUS.pdf>
My prior belief, which is apparently supported by the pdf you referenced (if you look closely again) is that EAP-TLS supports authentication with certs or other-than-password, and then after you pass the EAP authentication (which basically authenticated your device via cert) you then authenticate password against radius. From the user perspective it'll all happen so fast they don't even know what's happening, but AFAIK, the actual cert authentication isn't handled by radius. Radius password is just the second factor. (Or depending on how the admin configured it, the only factor; and that is what I'm discouraging.) _______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
