>>>>> "Adam" == Adam Bishop <[log in to unmask]> writes:
Adam> On 4 Jun 2014, at 16:28, Sam Hartman <[log in to unmask]> wrote:
>> I've never tried to use TLS-PSK with libradsec.
Adam> Oh, that’s true... I assumed this had been tested but you’re
Adam> quite right, this is new ground.
>> We've always used client certs.
Adam> I have previously, but it’s so much hassle to manage a CA for
Adam> such a small scale thing. Would this (theoretically) be
Adam> supported by the SSP too?
Not currently, no.
It's just a matter of exposing the configuration and making sure we have
a new enough libradsec.
>> I can take a look but it will be a few days. Perhaps Linus knows
>> what's going on.
Adam> I’d be interested to see if this can be made to work in time
Adam> for the workshop, would help keep things simple if each user
Adam> can avoid using their own CA.
When is the workshop.
How does this prioritize compared to:
1) Fixing the doesn't work on modern Ubuntu bug
2) Fixing the RP retries when IDP looses key bug
--Sam
|