
cat-users - Re: [[cat-users]] CAT profile installer vs manual config

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

  • From: Philippe Hanset <phanset AT anyroam.net>
  • To: db AT alaska.edu
  • Cc: cat-users AT lists.geant.org
  • Subject: Re: [[cat-users]] CAT profile installer vs manual config
  • Date: Thu, 6 Sep 2018 21:40:48 -0400
  • Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (1024-bit key) header.d=anyroam.net

David,

If you have tried CAT and if the networking group tried it too,
you will have noticed that there is only an initial challenge for login/password and no need to choose the eduroam SSID; it is done automatically by the profile.
If you choose the anonymous option in CAT configuration (as an admin), your users will not need to enter a domain; they can enter their regular username. Another advantage of CAT: the profile is locked and does a good job preventing man-in-the-middle attacks.

Choosing the anonymous AT alaska.edu is also a great privacy protection method!

Let us know if this helps,

Philippe 

Philippe Hanset, CEO
ANYROAM LLC
+1 (865) 236-0770

On Sep 6, 2018, at 8:21 PM, IAM David Bantz <dabantz AT alaska.edu> wrote:

My institution (U Alaska) is transitioning RADIUS implementations, more comprehensive 802.1X and hoping to deprecate current home-grown eduroam profile installers using EAP-TLS.

CAT seemed a great fit but networking team is questioning the need or value of any profile installer, and proposes relying on built-in 802.1X supplicant support in common OS's (macOS, iOS, Windows, Android) for EAP-PEAP authentication. Please validate, challenge, or elaborate on this as a viable strategy.

As I understand their position, if a user initially chooses the eduroam SSID, they will be presented with a challenge for network authentication which is passed via RADIUS to either local AD (for alaska.edu identities) or on to the RADIUS federation for any other realm. The only wrinkle they foresee is the need for users to enter the domain-qualified identity username AT alaska.edu rather than the unqualified username they enter for most authentication.

Thank you,

David Bantz
UA IAM
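
Added example, not part of either message or of CAT itself: a small Python check for the properties the reply credits to a CAT profile (a validated server and an anonymous outer identity), run against two constructed configurations. The wpa_supplicant network-block format is used only for illustration, and the example.edu realm, server name and CA path are placeholder assumptions.

```python
import re

# Constructed sample: roughly what a hand-entered PEAP setup amounts to.
MANUAL = '''
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="jdoe@example.edu"
    phase2="auth=MSCHAPV2"
}
'''

# Constructed sample: the extra settings a pinned profile would carry.
PINNED = '''
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="jdoe@example.edu"
    anonymous_identity="anonymous@example.edu"
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    domain_suffix_match="radius.example.edu"
    phase2="auth=MSCHAPV2"
}
'''

NAME_CHECKS = ('domain_suffix_match', 'domain_match', 'altsubject_match', 'subject_match')

def parse_network(text):
    """Return the key/value pairs of the first network={...} block."""
    body = re.search(r'network=\{(.*?)\}', text, re.S).group(1)
    pairs = (ln.strip().split('=', 1) for ln in body.splitlines() if '=' in ln)
    return {k.strip(): v.strip().strip('"') for k, v in pairs}

def audit(text):
    """List findings for missing server validation or an exposed outer identity."""
    cfg, findings = parse_network(text), []
    if not cfg.get('ca_cert'):
        findings.append('no ca_cert: the RADIUS server certificate is not validated')
    if not any(cfg.get(k) for k in NAME_CHECKS):
        findings.append('no server name match: any certificate from the CA is accepted')
    outer = cfg.get('anonymous_identity', cfg.get('identity', ''))
    if '@' not in outer:
        findings.append('outer identity has no realm for federation routing')
    elif outer == cfg.get('identity'):
        findings.append('outer identity exposes the real username')
    return findings
```

`audit(MANUAL)` reports the missing CA, the missing server name match and the exposed username, while `audit(PINNED)` returns an empty list.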
