EAP-TTLS +PAP tunning
Sergio Belkin
sebelk
Wed May 7 04:46:40 PDT 2008
2008/5/7 Jouni Malinen <j at w1.fi>:
> On Tue, May 06, 2008 at 10:56:54AM -0300, Sergio Belkin wrote:
>
> > I have a freeradius server that is working well in university. We use
> > EAP-TTLS and PAP protocols.
>
>
> > the nm-applet for setting the connection up. But I'd want to find a
> > way to automatize it, that it finds the TTLS certificate and verifies
> > the server name (I didn't see this feature in Linux). Could you help
> > me to do this with wpa_supplicant? (What tools/apps and file config
> > should I look?)
>
> Is your server certificate signed by one of the common CAs (i.e.,
> something that is included in trusted CA lists)
Yes it is
or is this an in-house
> self-signed CA (if yes, how is the CA certificate distributed to
> clients?)?
In Windows, it's bundled with SecureW2 (a customized installation
includes CA certificate),
>
> wpa_supplicant can be configured to trust a set of CA certificates,
> e.g., using a single PEM file with multiple files or using ca_path
> parameter to point to a directory of trusted CA certificates. For
> example, ca_path="/etc/ssl/certs" would do this on a Gentoo system (that
> directory of CA certificates may differ in other distros). subject_match
> and altsubject_match parameters can be used to configure requirements
> for the authentication server certificate, e.g.,
> altsubject_match="DNS:as.example.com".
Thanks Jouni, I think that that's is what I'm looking for!
Greets.
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
More information about the Hostap
mailing list