From: Jan Just Keijser <jan.just.keijser@gmail.com>
To: linux-ppp@vger.kernel.org
Subject: Re: Authentificating with certificates ("unknown authentication type
Date: Thu, 20 Oct 2005 10:42:11 +0000
Message-ID: <43577483.8040405@gmail.com>
In-Reply-To: <e8666cf9050727142635284b29@mail.gmail.com>

hi all,

there already is a patch to do EAP-TLS authentication with ppp; see
  http://eaptls.spe.net
for details. I've just completed the patch against ppp-2.4.3 to allow 
MPPE encryption with EAP-TLS. I have created two versions:
- one against the ppp_mppe module which supports 128bit MPPE but no MPPC
- one against the ppp_mppe_mppc module which supports 40/56/128 bit MPPE 
and MPPC (but there are some licensing issues, I believe, with using MPPC).
Tested it with both XP and W2K as clients, Linux as a PoPToP server - 
works beautifully :)

anybody interested?

cheers,

JJK

>Boky Gmail writes:
>> Note: resending; it seems it didn't get through the first time round.
>
>No, it came through fine the first time.
>
>> I was wondering if it is possible to use certificates instead of
>> passwords for authentication over PPTP?
>
>"Possible"?  Sure; you've got source code.
>
>> EAP: unknown authentication type 13; Naking
>
>That's EAP-TLS.  At least for debug, we should add decoding of the
>well-known types.
>
>> Now, I know for a fact that our administrator has certificate-only VPN
>> login policy in place.
>
>Sounds likely.
>
>> I am suspecting that "EAP: unknown authentication type 13; Naking"
>> means that the server requested certificate-based authentication but
>> the client does not have any implementation to handle this and
>> therefore the connection terminated.
>
>Right.
>
>> Is my hunch correct?
>
>Yes.
>
>> If it is, will certificate authentication be ever possible?
>
>Sure; it's possible.
>
>> If so,
>> is there an ETA? A feature-request, perhaps?
>
>Unless you're volunteering to write the code or know someone who is
>volunteering (and has the right equipment to test the results
>properly), then I can't imagine what the ETA would be.  This is open
>source; things get done because someone cares about the result, not
>_just_ because there's a request.
>
>-- 
>James Carlson         42.703N 71.076W         <carlsonj@workingcode.com>
>


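The quoted reply identifies type 13 as EAP-TLS and suggests decoding the well-known types in debug output. The C code below is an added example, not code from pppd, the eaptls patch or anyone in this thread: it parses an EAP Request header, names the requested method, and builds the legacy Nak a peer sends when it lacks that method. The function names, the `supported` list and the sample packet are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Method type numbers from RFC 3748 and the IANA EAP registry. */
static const struct { uint8_t type; const char *name; } eap_types[] = {
    {1, "Identity"}, {2, "Notification"}, {3, "Nak"}, {4, "MD5-Challenge"},
    {5, "OTP"}, {6, "GTC"}, {13, "EAP-TLS"}, {19, "SRP-SHA1"},
    {21, "EAP-TTLS"}, {25, "PEAP"}, {26, "EAP-MSCHAPv2"},
};

/* Assumption: methods this hypothetical peer implements, preferred first. */
static const uint8_t supported[] = {19, 4};

/* Constructed sample: EAP Request, id 0x2a, length 6, type 13, Start flag. */
static const uint8_t sample_tls_start[] = {0x01, 0x2a, 0x00, 0x06, 0x0d, 0x20};

const char *eap_type_name(uint8_t type) {
    for (size_t i = 0; i < sizeof eap_types / sizeof eap_types[0]; i++)
        if (eap_types[i].type == type) return eap_types[i].name;
    return "unknown";
}

/* Returns -1 if malformed or not a Request, 0 if no Nak is needed, else the
 * length of the legacy Nak (RFC 3748 section 5.3.1) written to out. */
int eap_handle_request(const uint8_t *pkt, size_t len, uint8_t *out,
                       size_t outsz, const char **name) {
    if (len < 5 || pkt[0] != 1) return -1;          /* need a typed Request */
    size_t plen = ((size_t)pkt[2] << 8) | pkt[3];   /* big-endian Length */
    if (plen < 5 || plen > len) return -1;          /* truncated or bogus */
    *name = eap_type_name(pkt[4]);
    if (pkt[4] < 4) return 0;                       /* not an auth method */
    for (size_t i = 0; i < sizeof supported; i++)
        if (supported[i] == pkt[4]) return 0;       /* we can run this method */
    size_t nlen = 5 + sizeof supported;
    if (outsz < nlen) return -1;
    out[0] = 2; out[1] = pkt[1];                    /* Response, same Id */
    out[2] = (uint8_t)(nlen >> 8); out[3] = (uint8_t)nlen;
    out[4] = 3;                                     /* Type 3 = Nak */
    memcpy(out + 5, supported, sizeof supported);   /* methods we'd accept */
    return (int)nlen;
}

int main(void) {
    uint8_t nak[16]; const char *name = "";
    int n = eap_handle_request(sample_tls_start, sizeof sample_tls_start,
                               nak, sizeof nak, &name);
    printf("EAP: request for type %u (%s); Nak length %d\n",
           (unsigned)sample_tls_start[4], name, n);
    return 0;
}
```

When the authenticator's policy accepts only EAP-TLS, none of the methods offered in the Nak are acceptable to it and authentication fails, which matches the terminated connection described in the thread.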