cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Tomasz Wolniewicz <twoln AT umk.pl>
- To: "Michael Davies (Infrastructure Mgr)" <Michael.Davies AT gowercollegeswansea.ac.uk>, "'db AT alaska.edu'" <db AT alaska.edu>, 'Alan Buxey' <alan.buxey AT gmail.com>
- Cc: "'cat-users AT lists.geant.org'" <cat-users AT lists.geant.org>
- Subject: Re: [[cat-users]] eduroam Issue
- Date: Thu, 13 Dec 2018 13:25:55 +0100
- Autocrypt: addr=twoln AT umk.pl; keydata= mQENBEvhYBEBCADIlSk8hnUtSfZ1hLbuqiUxTiBtm65lM6OlxjYnWEsH/boOsVS/WdFZebwK 53eg280UcX9VDjFjy5rimsknCvxabnxk13AF//t9mN9tq5MmIkIcRIpLrtqc8Q0s0E84cNzB bDMtRzAd7JUTmKyAnkKE9i2R9FJKzeR9TTeKtBdgXHtUKPHPGOdxUUv8UWKxsj9AYi2CgN98 jiWLx6lTIpaWegWxIyih7WUKSf43Bpi6wFxhfOxteLyQUpIlGg4CasTVGpFsha8KzlupXOLG Tl3hXtQFWvE0tl1GidvTyuQlOzsZ1vjTNEzI25VTkOIgP4IYcWSkP74p/a239ZcTOHhZABEB AAG0IFRvbWFzeiBXb2xuaWV3aWN6IDx0d29sbkB1bWsucGw+iQE4BBMBAgAiBQJL4WARAhsD BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRA8PEwxkb+lPgkeB/9NAGlmopLel6EEDFz2 ra3KLBx8kXT3G1K/YYyrjDwNjCkAmm0evzQx8g9vPX2OzvE6Ai2Xi9hPd2K/ShPFPcgJzzjr h9H1XYfBb2N/tRwN9tb4XO5i9Tsa4jP+SG8h2yQY57QOeFy16joDmIZiZrAEIGpqqSV24PrX FSo2d1E4dMswqDXlEYk9hwbdW9H4zOQrnDZeRlRx/RW/cmWTd8r5C12dKhlT/D/fBkL3eYT7 rnjHtS+ArnMUsxu2Z/q6bmxqRyv4Vn4pR0n699iLa0ol2hWeQJFaZyTA7JksW8zWu/Zasd9K Dw3jM59vs/SXVdG8pMexAzH5jmEEAgwYwUbVuQENBEvhYBEBCACgAz/z7VTnCsPSBUrjCLyS j+eRtr2tQzSU48Qa5hOcIxAKQJQNgOOqs0Mq9fT9lV+OttaYyKtijt1+G2dVMETVFkdZmM0c g8pVJp398993v89U/iwjfvNoqCM/9z312Poha/oL/EOk+gWYxZbyQ18SY69va2WHr6Pl3bzR 6BQpb86W85MreQ2lxd76b6BgjOXA/b39YyU/fMeFQd+wDpT3K1fUr89dYRnyzQIxTBSPOMLQ ShHKc/S8dStbNlLNcnaiyBOsH4A7b6IizQGqyVHBeL7u05X0/ZVdEIgsO3NmQouqY0/WjBdV qg4EsI1VvvgwXKWafP1MryLy4ZcnNjQZABEBAAGJAR8EGAECAAkFAkvhYBECGwwACgkQPDxM MZG/pT6lUQf8DC3i15okq3VycbpTYuH6f1lQkqanMS0z4z8F6xtCeXq0DBFk0ZzAU/mCwc3V PdUVGtRKGjouSAB1HDeTvAth1vY0oOJG3kXBwkcui3QxM3sxksNCRLLwcZVnsK9rt6UVp5aG qBwKf44BSApGyHNuKDhCfMCQHueqlfhJYfXocw6KDObvTkwygHLmw93ohV66v26yNvGo6+q2 qTDykGyuicACPDTyJTWFh2IwwZFAdzcc7St8aKkXFk0zWvoriWHeTLUnuFw7HN640IJkG74a 4NGco2yPc7Cz6q59rgE9xydOOXRdmnfiuJu0kQvQocD1rVLjW3qXdnxPd2/FhO4vWg==
- Openpgp: preference=signencrypt
|
Indeed, I have also observed that Windows 10 will not prompt the user for new credentials, it will just fail silently. Tomasz
W dniu 12.12.2018 o 10:22, Michael
Davies (Infrastructure Mgr) pisze:
Hi David
We are seeing evidence to the contrary where by the user cannot enter their new password and carry on using eduroam, it just fails to connect until they remove the profile and enter their new password which is then stored in the new profile on the device.
Alan, I will investigate the use of using EAP-TLS certs & may review our password policy as a last resort.
Thanks for your input all.
From: IAM David Bantz [mailto:dabantz AT alaska.edu]
Our pre-deployment testing of expired password behavior of supplicants on most current release of iOS, Android, macOS, and Windows with CAT-installed profiles determined that it is not necessary to re-install the profile for a changed password in the authentication source. Of course the supplicants configured with invalid password will fail to connect; but if the user manually initiates connection to eduroam SSID, they are prompted for the correct password; once the correct new password is entered, automatic connection to eduroam is restored. YMMV
David Bantz U Alaska
On Tue, Dec 11, 2018 at 6:47 AM Alan Buxey <alan.buxey AT gmail.com> wrote: hi,
yes, unfortunately most mobile platforms have issues with stored profile passwords if the user has changed them - repeated failures to auth - usually remeied easily by just rejoining the network after forgetting it (at that point, if not using a deployment tool such as eduroamCAT, the new connection will be without checking the RADIUS cert correctly).
so, use EAP-TLS certs instead (self-enroll using their current user/password to get a cert that is only for wireless) - Aruba clearpass etc etc
or maybe look at your password policy - why changing them every 3 months? the current security best practices is to ensure the password is strong and ONLY change it if there is a reason to believe that its been compromised, use multi factor auth where possible etc.
https://www.ncsc.gov.uk/articles/problems-forcing-regular-password-expiry
alan To unsubscribe, send this message:
mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users Disclaimer - This email is intended for the addressee(s) only. If however you have received this email in error, please delete all copies of it and any attachments, and treat the contents as confidential. We apologise for any inconvenience this may cause. The views and opinions expressed in this email message are those of the author and must not be assumed to be those of the college. This email has been checked by anti-virus software. The college accepts no liability for any damages related to receipt of this email, howsoever caused. --
Tomasz Wolniewicz
twoln AT umk.pl http://www.home.umk.pl/~twoln
Uczelniane Centrum Informatyczne Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University,
pl. Rapackiego 1, Torun pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750 fax: +48-56-622-1850 tel kom.: +48-693-032-576
|
Attachment:
smime.p7s
Description: Kryptograficzna sygnatura S/MIME
- [[cat-users]] eduroam Issue, Michael Davies (Infrastructure Mgr), 12/11/2018
- Re: [[cat-users]] eduroam Issue, Stefan Winter, 12/11/2018
- Re: [[cat-users]] eduroam Issue, Alan Buxey, 12/11/2018
- Re: [[cat-users]] eduroam Issue, IAM David Bantz, 12/11/2018
- RE: [[cat-users]] eduroam Issue, Michael Davies (Infrastructure Mgr), 12/12/2018
- Re: [[cat-users]] eduroam Issue, Tomasz Wolniewicz, 12/13/2018
- Re: [[cat-users]] eduroam Issue, IAM David Bantz, 12/13/2018
- Re: [[cat-users]] eduroam Issue, Tomasz Wolniewicz, 12/13/2018
- RE: [[cat-users]] eduroam Issue, Michael Davies (Infrastructure Mgr), 12/12/2018
- Re: [[cat-users]] eduroam Issue, IAM David Bantz, 12/11/2018
Archive powered by MHonArc 2.6.19.