On 11/23/2011 07:55 PM, Markus Grandpre wrote:
> On 11/23/2011 05:17 PM, Sam Hartman wrote:
>> Why can't the python module query the inner username directly?
>> we definitely want the python module populating the outer tunnel.
> IMHO inner authentication is a tunnel between "user" and authN-Service
> where confidential data is sent. Freeradius server should not mix in
> and should only deal with data that is sent for outer authentication.
> Unless GSS-API/EAP specifies to send username (beside host and service
> name) for outer authentication.
because outer authentication is between service and freeradius server.
(i forgot to mention)
Markus
|