I want to configure my network so that anyone with a (non-revoked, non-expired) certificate can connect without a username or password. is that possible? is it possible to issue username/password as a fallback for short-term clients?