[CentOS] RADIUS
John Hodrien
J.H.Hodrien at leeds.ac.uk
Fri Feb 23 12:02:53 UTC 2018
On Fri, 23 Feb 2018, hw wrote:
> There are devices that are using PXE-boot and require access to the company
> LAN. If I was to allow PXE-boot for unauthenticated devices, the whole
> thing would be pointless because it would defeat any security advantage that
> could be gained by requiring all devices and users to be authenticated:
> Anyone could bring a device capable of PXE-booting and get network access.
I'd hope that you could involve TPM in this game. PXE to unauthenticated
VLAN, boot an OS that could then use TPM to pull out a credential to
authenticate to the network and switch to another VLAN.
> As a customer visiting a store, would you go to the lengths of configuring
> your cell phone (or other wireless device) to authenticate with a RADIUS
> server in order to gain internet access through the wireless network of the
> store?
No, I'd never offer wireless network access this way. Typically, you either
offer it unauthenticated, or you provide it via a captive web portal.
jh