From: Alan T. DeKok <aland@freeradius.org>
Date: Thu, 4 Feb 2010 07:50:37 +0000 (+0100)
Subject: Added note on global CA
X-Git-Tag: release_3_0_0_beta0~1585
X-Git-Url: http://www.project-moonshot.org/gitweb/?a=commitdiff_plain;h=c72d8c2137a47386336d504287d225a7ecbe9a9e;hp=df2cde12dea88be4025cb38a53b4a8de2fb81705;p=freeradius.git

Added note on global CA
---

diff --git a/raddb/eap.conf b/raddb/eap.conf
index 11c4335..faaf8d8 100644
--- a/raddb/eap.conf
+++ b/raddb/eap.conf
@@ -144,6 +144,10 @@
 		#
 		#  http://www.dslreports.com/forum/remark,9286052~mode=flat
 		#
+		#  Note that you should NOT use a globally known CA here!
+		#  e.g. using a Verisign cert as a "known CA" means that
+		#  ANYONE who has a certificate signed by them can
+		#  authenticate via EAP-TLS!  This is likey not what you want.
 		tls {
 			#
 			#  These is used to simplify later configurations.