Hi,

> On 04 Apr 2016, at 11:24, Hartmaier Alexander
> <alexander.hartma...@t-systems.at> wrote:
>
> On 2016-03-30 15:10, Tuure Vartiainen wrote:
>>
>>> On 30 Mar 2016, at 14:55, Hartmaier Alexander
>>> <alexander.hartma...@t-systems.at> wrote:
>>>
>>> we use PEAP-TLS, EAP-PEAP as outer EAP type with EAP-TLS as inner.
>>> Not sure if the outer EAP-PEAP adds any real security as the Radiator
>>> cert is the same one for both types as it only hides the transmission of
>>> the user cert which can be classified like a public key imho.
>>>
>> Ack.
> Would you say that using PEAP-TLS for both wired and wireless auth is
> overkill even when both are considered sniffable?
>
Somewhat yes, I get the idea of anonymizing user’s identity with PEAP, but for example with demo test certificates bundled with Radiator, PEAP-TLS takes 15 rounds for a single EAP authentication.

>>
>> We’ll add a feature, which will allow the total time along with an on-demand
>> timing to be used through %{...} special format in AuthLogs etc.
> Thanks! Please inform me when it has landed in the patches.
>

Yes, I’ll reply here.

BR
--
Tuure Vartiainen <varti...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.