EAP-TTLS +PAP tuning

Sergio Belkin sebelk at gmail.com
Wed May 7 07:46:40 EDT 2008


2008/5/7 Jouni Malinen <j at w1.fi>:
> On Tue, May 06, 2008 at 10:56:54AM -0300, Sergio Belkin wrote:
>
>  > I have a freeradius server that is working well in university. We use
>  > EAP-TTLS and PAP protocols.
>
>
>  > the nm-applet for setting the connection up. But I'd want to find a
>  > way to automatize it, that it finds the TTLS certificate and verifies
>  > the server name (I didn't see this feature in Linux). Could you help
>  > me to do this with wpa_supplicant? (What tools/apps and file config
>  > should I look?)
>
>  Is your server certificate signed by one of the common CAs (i.e.,
>  something that is included in trusted CA lists)

Yes it is

>  or is this an in-house
>  self-signed CA (if yes, how is the CA certificate distributed to
>  clients?)?

In Windows, it's bundled with SecureW2 (a customized installation
includes CA certificate),

>
>  wpa_supplicant can be configured to trust a set of CA certificates,
>  e.g., using a single PEM file with multiple files or using ca_path
>  parameter to point to a directory of trusted CA certificates. For
>  example, ca_path="/etc/ssl/certs" would do this on a Gentoo system (that
>  directory of CA certificates may differ in other distros). subject_match
>  and altsubject_match parameters can be used to configure requirements
>  for the authentication server certificate, e.g.,
>  altsubject_match="DNS:as.example.com".

Thanks Jouni, I think that's what I'm looking for!

Greets.
-- 
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
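
The settings from Jouni's reply, put together as an added example that is not part of the original thread: a wpa_supplicant.conf network block for EAP-TTLS with PAP, with the unvalidated variant shown commented out for comparison. The SSID, identities and password placeholder are assumed values; ca_path and the server name are the ones quoted in the reply.

```conf
# Added example (not from the thread). SSID, identities and password are
# placeholders; adjust ca_path to your distribution's CA directory.

# Weak variant, kept commented out: with no ca_cert/ca_path the server
# certificate is not validated, so the PAP password inside the TTLS tunnel
# is sent to whichever server answers for this SSID.
#
# network={
#     ssid="campus-wifi"
#     key_mgmt=WPA-EAP
#     eap=TTLS
#     identity="user@example.edu"
#     password="CHANGE_ME"
#     phase2="auth=PAP"
# }

# Validated variant: trust anchors plus a required server name.
network={
    ssid="campus-wifi"
    key_mgmt=WPA-EAP
    eap=TTLS

    # Outer identity is sent in the clear; the real one goes inside the tunnel.
    anonymous_identity="anonymous@example.edu"
    identity="user@example.edu"
    password="CHANGE_ME"

    # Directory of trusted CA certificates (Gentoo path from the reply).
    ca_path="/etc/ssl/certs"

    # ca_path trusts every CA in that directory, so the name check is what
    # ties the connection to this particular authentication server. The
    # certificate must carry this dNSName in subjectAltName.
    altsubject_match="DNS:as.example.com"

    # Inner authentication method carried inside the TLS tunnel.
    phase2="auth=PAP"
}
```

Because the server certificate here chains to a public CA, the altsubject_match (or subject_match) line is the setting that distinguishes the university's RADIUS server from any other host holding a certificate from the same trust store.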

