On Fri, 23 Feb 2018, hw wrote:
> There are devices that are using PXE-boot and require access to the company LAN. If I was to allow PXE-boot for unauthenticated devices, the whole thing would be pointless because it would defeat any security advantage that could be gained by requiring all devices and users to be authenticated: Anyone could bring a device capable of PXE-booting and get network access.
I'd hope that you could involve TPM in this game. PXE to unauthenticated VLAN, boot an OS that could then use TPM to pull out a credential to authenticate to the network and switch to another VLAN.
> As a customer visiting a store, would you go to the lengths of configuring your cell phone (or other wireless device) to authenticate with a RADIUS server in order to gain internet access through the wireless network of the store?
No, I'd never offer wireless network access this way. Typically, you either offer it unauthenticated, or you provide it via a captive web portal.

jh