Usermanagement and EAP-TLS

Jouni Malinen j
Tue Oct 7 07:27:37 PDT 2008

On Tue, Oct 07, 2008 at 02:59:30PM +0200, Martin Schneider wrote:

> I'm using mutual EAP-TLS authentication for clients and AP in my
> network. I'm wondering how to realize some sort of simple user
> management.
> How can I disable network access for a certain user? For me, it looks
> like that every user that has a valid certificate is able to perform
> the authentication and will get network access. Do I have to revoke
> the user certificate? Or what is the process that is normally used for
> this kind of user management.

Yes, revoking the certificates is indeed the recommended way of
disabling individual users. This is of course assuming that your
authentication server supports CRL.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list