Yes, the trust-router uses gss-eap authentication, so freeradius needs
gss credentials.
Here's an example credential from our internal test framework:
<?xml version="1.0" encoding="UTF-8"?>
<identities>
<identity>
<display-name>Trust Router Credential generated at 1384552190</display-name>
<user>82338d41-a0c8-4b34-8c2b-9faf5face311</user>
<password>passwordgoeshere</password>
<realm>apc.painless-security.com</realm>
<selection-rules>
<rule>
<pattern>trustidentity</pattern>
<always-confirm>false</always-confirm>
</rule>
</selection-rules>
<trust-anchor>
<server-cert>a4ea5e487fa9deb0ead43c3caa95bed918864d2a528a3d43eca904c0eb6c2810</server-cert>
</trust-anchor>
</identity>
</identities>
|