eapol_test tool
Dana Blanaru
dana.blanaru
Wed Jun 18 01:03:29 PDT 2008
Hi,
Yes, I've found this instruction in eap.conf:
You can make TTLS require a client cert by setting
EAP-TLS-Require-Client-Cert=Yes
in the control items for a request.
But i don't know how to control the items for a request. I just insert
EAP-TLS-Require-Client-Cert=Yes in the ttls module of eap.conf file? Or?
And then I have to add to the eapol_test config file the client certificate
like highlighted below:
network={
eap=TTLS
eapol_flags=0
key_mgmt=IEEE8021X
identity="testuser"
password="password"
anonymous_identity="anonymous"
ca_cert="/home/gcheng/myCA/cacert.pem"
*client_cert="/home/gcheng/myCA/testuser_cert.pem"
private_key="/home/gcheng/myCA/testuser_key.pem"
private_key_passwd="whatever"*
phase2="auth=CHAP"
}
?
Thank you for your assistance on this.
On Fri, Jun 13, 2008 at 4:53 PM, Jouni Malinen <j at w1.fi> wrote:
> On Fri, Jun 13, 2008 at 02:42:53PM +0200, Dana Blanaru wrote:
> > Currently my server doesn't support mutual authentication.
> > But i would like to test my client certificate so i was thinking to use
> > eapol_test against freeradius. By any chance do you know how to set
> > freeradius for TTLS mutual authentication?
>
> No, but it was easy to find out.. How about reading FreeRADIUS
> documentation or more specifically, eap.conf? ;-)
>
> --
> Jouni Malinen PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20080618/712df7cc/attachment.htm
More information about the Hostap
mailing list