Question about OpenBSD as accesspoint with EAP-TLS

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Question about OpenBSD as accesspoint with EAP-TLS

Aleksandar Lazic
Dear Listmembers.

After reading a lot about 802.1x authentication I hope you can help me
to clarify some open questions.

1.) When I have more then one Certificate is a radius server mandatory?
2.) I think that the freeradius server is the server I will use, any
objections for this SW?
3.) Have anybody used this setup and have some hints and tips to avoid
pitfalls

Thank you for your help.

Best regards
Aleks

Some Links I have read.

http://undeadly.org/cgi?action=article&sid=20130128142215
http://hostap.epitest.fi/wpa_supplicant/
http://wiki.freeradius.org/protocol/EAP#EAP-TLS

http://www.openbsd.org/cgi-bin/man.cgi?query=ifconfig&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

####
wpaakms akm,akm,...
              Set the comma-separated list of allowed authentication and
key
              management protocols.

              The supported values are ``psk'' and ``802.1x''.  psk
              authentication (also known as personal mode) uses a 256-bit
pre-
              shared key.  802.1x authentication (also known as
enterprise
              mode) is used with an external IEEE 802.1X authentication
server,
              such as wpa_supplicant.  The default value is ``psk''.  
``psk''
              can only be used if a pre-shared key is configured using
the
              wpakey option.
####