[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Router -- WPA = { sym, asym via 802.1x = { Radius, Kerberos,

To: Casey Boone <caseyboone@gmail.com>
Subject: Re: Router -- WPA = { sym, asym via 802.1x = { Radius, Kerberos,
From: "Bryan J. Smith" <b.j.smith@ieee.org>
Date: Tue, 25 Jan 2005 18:26:08 -0800
Cc: silug-discuss <silug-discuss@silug.org>
In-Reply-To: <c5632741050125122773b5f87d@mail.gmail.com>
Organization: Southern Illinois Linux Users Group
References: <200501200330.j0K3UbAp002403@abbmta2.siu.edu> <008601c50094$140fd970$5102a8c0@bigdog> <c563274105012211327c71df76@mail.gmail.com> <1106555863.2598.219.camel@localhost.oviedo.smithconcepts.com> <c5632741050125122773b5f87d@mail.gmail.com>
Reply-To: silug-discuss@silug.org
Sender: silug-discuss-owner@silug.org

On Tue, 2005-01-25 at 12:27, Casey Boone wrote:
> ???

There are _more_ options than to use a Radius server.  I'm seeing more
and more people state these are the _only_ two modes when they are the
_only_ two supported by Cisco/Microsoft.

> i never said 802.1x WASN'T 802.1x, actually i never said it was
> anything, only that it was used in normal WPA mode

But 802.1x can connect to other things than Radius.  That was my point. 
"Normal WPA mode" uses 802.1x, so it can connect to other things too. 
;->

The limitation to Radius is a Cisco-Microsoft proliferated non-sense --
more namely, MS Internet Authentication Service (IAS).  Microsoft
expects you to _always_ do anything 802.1x through IAS, hence the
popular "Radius required" myth.  So if you are going to state
Cisco-Microsoft specifics, please indicate as such.  That was my beef. 
;->

Sorry to be anal on this, but I've seen some people get really
frustrated in the past with the so-called Radius requirement for WPA
using public key.  ;->

> actually the biggest hole was the implimentation that most vendors had
> where the AP would broadcast an "initialization vector" that contained
> 24 bits of the key.

Oh, there's all sorts of issues with how it was implemented.  I agree.

> for a home network i see no problem with this, for a corporate network
> they will have a network guy set this up and if he leaves it in this
> state then he is to blame.

Not if they don't have a full-time network guy, and your the consultant
that comes back and finds out they disabled it all for "compatibility."

> the current state with operating systems is that linux expects the user
> to know what he/she is doing (havent used the kde wifi manager thing
> yet, it might change things a bit) and windows xp warns and makes you
> check a checkbox before it will let you connect to an unsecured
> wireless network.

Of course.

-- 
Bryan J. Smith                                   b.j.smith@ieee.org 
------------------------------------------------------------------- 
Linux Is Everywhere Insight #5:  Branding Requirements in Licenses
How do you tell if an embedded appliance runs Linux?  You can't
There is no requirement that a vendor disclose it runs Linux
How do you tell if an embedded appliance runs Windows?  The logo
Because the Microsoft Windows logo will be bigger than the vendor's

-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.

Follow-Ups:
- Re: Router -- WPA = { sym, asym via 802.1x = { Radius, Kerberos,
  - From: Casey Boone <caseyboone@gmail.com>

References:
- Router
  - From: "Aaron" <aaron@roccer.net>
- Re: Router
  - From: "Joshua" <josh@unified-tech.com>
- Re: Router
  - From: Casey Boone <caseyboone@gmail.com>
- Re: Router
  - From: "Bryan J. Smith" <b.j.smith@ieee.org>
- Re: Router
  - From: Casey Boone <caseyboone@gmail.com>

Prev by Date: Re: web hosting providers
Next by Date: Mozilla browser problems.
Prev by thread: Re: Router
Next by thread: Re: Router -- WPA = { sym, asym via 802.1x = { Radius, Kerberos,
Index(es):
- Date
- Thread