Usermanagement and EAP-TLS

Jouni Malinen j at w1.fi
Tue Oct 7 10:27:37 EDT 2008


On Tue, Oct 07, 2008 at 02:59:30PM +0200, Martin Schneider wrote:

> I'm using mutual EAP-TLS authentication for clients and AP in my
> network. I'm wondering how to realize some sort of simple user
> management.
> 
> How can I disable network access for a certain user? For me, it looks
> like that every user that has a valid certificate is able to perform
> the authentication and will get network access. Do I have to revoke
> the user certificate? Or what is the process that is normally used for
> this kind of user management.

Yes, revoking the certificates is indeed the recommended way of
disabling individual users. This is of course assuming that your
authentication server supports CRL.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list