Mutual TLS authentication in handshake phase of EAP-TTLS
Wed Mar 3 02:31:23 PST 2010
Is there anybody who can advise me as to what I can do next? It would
useful to know whether mutual TLS authentication is supported for TTLS.
know if the question is valid or not appropriate for this forum. I
the functionality of eapol_test is not as critical as that of the
but I would hope the answer would still be of general interest.
> -----Original Message-----
> From: Lewis Adam-VNQM87
> Sent: Thursday, February 25, 2010 11:42 AM
> To: 'hostap at lists.shmoo.com'
> Subject: Mutual TLS authentication in handshake phase of EAP-TTLS
> apologies if this question has been answered elsewhere - I
> looked but couldn't see anything, even in the "Mutual
> EAP-TTLS Authentication" thread.
> I am currently looking at the eapol_test code to see if I can
> use it as a RADIUS client. I have ran eapol_test with various
> EAP-TLS and EAP-TTLS configuration files, testing
> successfully with a freeRADIUS server. Looking at the
> EAP-TTLS RFC 5281, I have read the following:
> In EAP-TTLS, the TLS authentication may be mutual; or it may
> be one-way, in which only the server is authenticated to the client.
> My question is, does eapol_test currently allow mutual TLS
> authentication for EAP-TTLS? If so, how do I configure it (or
> the configuration files) to do so? I believe the tunnelled
> protocol can also be TLS but I want to avoid this as I need
> to have the ability to verify users rather than the client
> (e.g. by doing user/password checks).
> I'd appreciate any help you can give.
> Adam Lewis.
More information about the Hostap