Summary
The following are some of the key points we touched upon in this chapter:
- EAP is a framework with extensibility as a core feature. This allows new EAP methods to be introduced without any changes to the authenticator.
- EAP allows us to proxy requests through third-party RADIUS servers without exposing a person's username and password when we use EAP-TTLS or PEAP.
- Tunneled EAP methods have two identities, which can be compared with one another.
- The use and distribution of a dedicated self-signed CA is recommended for maximum security. Educate the users to install and specify the use of the self-signed CA in the supplicant configuration.
- The value of the
User-NameAVP returned in anAccess-Acceptwill be used by the authenticator when sending accounting details to the RADIUS server. - The JRadius Simulator program comes in very handy when testing various EAP methods.
Pop quiz – EAP
- You have just installed FreeRADIUS and after initial tests using your captive portal as client you...
