Hello, This is not a direct FDS question, but I thought I would ask anyway. I want to issue digital certificates (stored and verified on FDS) to every laptop and desktop. When the laptop/desktop gets on the network and requests a DHCP IP address, I want the DHCP server to verify the certificate before access to the network resources is allowed. Something similar to the hotspots in coffee shops and hotels, but that uses certificates instead of a login/password from the user.
Has anyone worked on something like this or can point me to such white papers?
Cheers, -Satish.
On Sun, 2007-12-02 at 11:31 -0800, Satish Chetty wrote:
> This is not a direct FDS question, but I thought I would ask anyway. I want to issue digital certificates (stored and verified on FDS) to every laptop and desktop.
If I needed this today, I'd use Red Hat Certificate System to do it. Soon there will be a Fedora Certificate System as well... pki.fedoraproject.org
> When the laptop/desktop gets on the network and requests a DHCP IP address, I want the DHCP server to verify the certificate before access to the network resources is allowed. Something similar to the hotspots in coffee shops and hotels, but that uses certificates instead of a login/password from the user.
You don't really want to do this at the DHCP server. Anyone with a sniffer, a couple minutes, and a clue could get on your net in spite of it, even if it were possible. DHCP was never intended to be a security service. DHCP requires the client to already have access to the physical media, and just helps the client play nicely by filling it in on the local conventions, so to speak. It sounds like perhaps what you really want is 802.1x with EAP-TLS. 802.1x actually restricts access to the media, though it takes some infrastructure, including switch support. One of the authentication mechanisms available is EAP-TLS, which lets you use certificates for authentication.
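Added example, not part of the original thread or of any poster's setup: with EAP-TLS the admission decision is a certificate check made by the authentication server behind the 802.1x switch, and this script reproduces that check with the openssl CLI on a constructed PKI. The CA names, host names, and the requirement for the clientAuth extended key usage are assumptions made for the illustration.

```shell
#!/bin/sh
# Added lab example: CA names, host names and paths are constructed placeholders.
set -eu
# write_cnf FILE: minimal config so nothing depends on the system openssl.cnf.
write_cnf() {
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' '[dn]' \
        '[v3_ca]' 'basicConstraints=critical,CA:TRUE' \
        'keyUsage=critical,keyCertSign,cRLSign' > "$1"
}

# make_ca DIR CN: create a self-signed CA (DIR/ca.key, DIR/ca.pem).
make_ca() {
    mkdir -p "$1"
    write_cnf "$1/ca.cnf"
    openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# issue_cert CADIR CN OUTPREFIX EKU: issue an end-entity cert with the given EKU.
issue_cert() {
    openssl req -new -config "$1/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=$2" -keyout "$3.key" -out "$3.csr" 2>/dev/null
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=%s\n' "$4" > "$3.ext"
    openssl x509 -req -in "$3.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -extfile "$3.ext" -out "$3.pem" 2>/dev/null
}

# check_client_cert CAFILE CERT: print accept only if CERT chains to CAFILE
# and is usable as a TLS client certificate; print reject otherwise.
check_client_cert() {
    openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1 \
        && echo accept || echo reject
}

# run_demo: build the constructed PKI in a temp dir and print three decisions.
run_demo() {
    d=$(mktemp -d)
    make_ca "$d/corp" "Example Corp Machine CA"
    make_ca "$d/other" "Unrelated CA"
    issue_cert "$d/corp" "laptop01.example.com" "$d/good" clientAuth
    issue_cert "$d/other" "laptop01.example.com" "$d/foreign" clientAuth
    issue_cert "$d/corp" "www.example.com" "$d/server" serverAuth
    for c in good foreign server; do
        echo "$c: $(check_client_cert "$d/corp/ca.pem" "$d/$c.pem")"
    done
    rm -rf "$d"
}
run_demo
```

Only the machine certificate issued by the trusted CA with a client-authentication purpose is accepted; the same host name under another CA, and a server-only certificate from the trusted CA, are both rejected.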
Andrew C. Dingman wrote:
> On Sun, 2007-12-02 at 11:31 -0800, Satish Chetty wrote:
>> This is not a direct FDS question, but I thought I would ask anyway. I want to issue digital certificates (stored and verified on FDS) to every laptop and desktop.
> If I needed this today, I'd use Red Hat Certificate System to do it. Soon there will be a Fedora Certificate System as well... pki.fedoraproject.org
When is that website (pki.fedoraproject.org) going to be opened to the public?
Regards, Kimmo Koivisto
Satish Chetty wrote:
> Hello, This is not a direct FDS question, but I thought I would ask anyway. I want to issue digital certificates (stored and verified on FDS) to every laptop and desktop. When the laptop/desktop gets on the network and requests a DHCP IP address, I want the DHCP server to verify the certificate before access to the network resources is allowed. Something similar to the hotspots in coffee shops and hotels, but that uses certificates instead of a login/password from the user.
> Has anyone worked on something like this or can point me to such white papers?
www.freeipa.org - The IPA guys are working on Radius right now (using FreeRadius) - this sounds like something that should get on their radar.
> Cheers, -Satish.
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users