EAP-TTLS/EAP-TLS hostap configuration
Mon Nov 28 01:25:46 PST 2011
On Sun, Nov 27, 2011 at 04:30:06PM +0000, Mr Dash Four wrote:
> I see! So, if I use external RADIUS none of the EAP configuration, apart
> from the shared_secret part, is applicable in my case, right? However,
> if I decide to use hostapd as RADIUS would I be able to configure it
> that way - with (potentially) two separate sets of ca, server & user
> certificates for each phase (EAP-TTLS - outer, and then EAP-TLS - inner)?
> In addition, is it possible to specify user-authentication matching by
> certain certificate attributes (CN, Subject etc), is that implemented in
The internal authentication server in hostapd is focusing more on small
size than large set of functionality that could be more common in
enterprise environments. Neither two different sets of server
certificates nor matching of certificate attributes are supported.
Jouni Malinen PGP id EFC895FA
More information about the Hostap