Mac dual certificate authentication

Jouni Malinen
Sat Mar 8 00:12:48 PST 2008


On Fri, Mar 07, 2008 at 03:27:09PM -0800, Mike Hunt wrote:

> I am trying to connect Macs to our current 802.1x Cisco infrastructure. We
> use both computer and user certificate authentication which are stored in
> AD. Our Macs are joined to the domain using Centrify's Direct Control. Is
> there a supplicant that can be installed on the Macs that will offer a
> solution to this? Apple's current supplicant will only do one certificate.

Are you using the computer certificate ("machine certificate") in the normal
way of completing the authentication prior to anyone logging in on that
host? Or is it also somehow required during user authentication?

It should be possible to use the wpa_supplicant 0.6.x versions on Mac OS
X for IEEE 802.1X authentication. However, the integration with the OS X
login etc. is not there, so that would likely require some integration
work to make sure the program is started at the proper time with the correct
configuration.

I'm not very familiar with the Mac login process, but it might be possible
to start wpa_supplicant from a script when the system is started and
when the current user is logging out and then stop wpa_supplicant when a
user logs in. That might allow wpa_supplicant to be used for machine
authentication and the native supplicant for user authentication.

-- 
Jouni Malinen                                            PGP id EFC895FA
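
A configuration sketch for the machine-authentication half of the approach suggested above, added here as an example; it is not part of the original message and not a file shipped with wpa_supplicant. It assumes a wireless network using WPA-Enterprise with EAP-TLS; the SSID, identity, subject string, passphrase and all file paths are placeholders.

```conf
# wpa_supplicant.conf for machine (computer) certificate authentication.
# Added example: every value below is a placeholder, not taken from the thread.
#
# The private key passphrase is stored in clear text, so this file and the
# key file should be owned by root and not readable by other users.

network={
    # Placeholder SSID of the 802.1X-protected network.
    ssid="EXAMPLE-SSID"
    key_mgmt=WPA-EAP
    eap=TLS

    # Placeholder machine identity presented to the RADIUS server.
    identity="host/mac01.example.com"

    # CA that issued the RADIUS server certificate. Without ca_cert the
    # server certificate is not verified, so always set it.
    ca_cert="/path/to/ca.pem"

    # Optional extra check: substring that must appear in the subject of
    # the server certificate (placeholder value).
    subject_match="/CN=radius.example.com"

    # Machine certificate and its private key, exported to files that
    # wpa_supplicant can read (placeholder paths).
    client_cert="/path/to/machine-cert.pem"
    private_key="/path/to/machine-key.pem"
    private_key_passwd="PLACEHOLDER-PASSPHRASE"
}
```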


