On 11/23/2011 05:17 PM, Sam Hartman wrote:
> Why can't the python module query the inner username directly?
> we definitely want the python module populating the outer tunnel.
IMHO inner authentication is a tunnel between "user" and authN-Service
where confidential data is sent. Freeradius server should not mix in and
should only deal with data that is sent for outer authentication. Unless
GSS-API/EAP specifies to send username (beside host and service name)
for outer authentication.
Markus
|