
cat-users - RE: [[cat-users]] Denying Eduroam access without using the CAT tool

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

  • From: Paul Jackson <pjackson AT ocadu.ca>
  • To: Martin Pauly <pauly AT hrz.uni-marburg.de>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
  • Subject: RE: [[cat-users]] Denying Eduroam access without using the CAT tool
  • Date: Wed, 19 Oct 2022 14:51:29 +0000

Thanks Tomasz - I'll look into that.

Martin, I'm the Eduroam admin for OCADU. We don't currently push the CAT tool
due to issues with the user experience of the app. We may merge our main
campus SSID with Eduroam and require users use the app.

Paul

-----Original Message-----
From: cat-users-request AT lists.geant.org <cat-users-request AT lists.geant.org>
On Behalf Of Martin Pauly
Sent: Tuesday, October 18, 2022 5:38 PM
To: cat-users AT lists.geant.org
Subject: Re: [[cat-users]] Denying Eduroam access without using the CAT tool

On 18.10.22 22:44, Tomasz Wolniewicz (via cat-users Mailing List) wrote:
> One way (not completely watertight) is to set some special (not
> obvious) outer identity and require that all authentications have it.
> Of course users can set the same manually, but this requires some
> knowledge and what you really want to exclude are users who just
> connect providing username and password.

... and most probably do not enable the all-essential certificate check.
This has been a huge security gap on thousands of (mainly Android) devices
for over a decade.
Happily, the BIG problem is going away because Google agreed to a standards
change and is removing the "CA: do not validate" option from all current
Android devices.
If you know how to get things straight manually, get the Android profile of
ocadu.ca from CAT, run xmltidy on it, extract the information and set up your
supplicant. Or let the app do the job, it's better at that than most humans.
Or ask their helpdesk. What Manufacturer and Android version do you have?

Martin
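
The outer-identity check suggested in the quoted reply above, as an added example that is not part of the original thread or of any CAT or RADIUS server code: it classifies the outer identity of each request so the rule can be dry-run against existing logs before it is enforced. The realm `example.org`, the identity `cat-7f3a9`, the function names and the sample identities are constructed assumptions, as is the choice to enforce only for the home realm and to reject realm-less requests.

```python
from collections import Counter

# Assumptions for illustration (not from the thread):
HOME_REALM = "example.org"       # placeholder for the institution's realm
REQUIRED_LOCAL = "cat-7f3a9"     # constructed, non-obvious outer identity set in the CAT profile


def classify(outer_identity: str) -> str:
    """Classify the outer identity (RADIUS User-Name) of one request.

    continue        -> matches the profile's outer identity, go on to inner auth
    reject-outer    -> home-realm user who did not use the installer profile
    proxy           -> another institution's realm, must be left untouched
    reject-no-realm -> no realm, cannot be routed (assumed local policy)
    """
    local, sep, realm = outer_identity.strip().rpartition("@")
    if not sep or not realm:
        return "reject-no-realm"
    # Realms are DNS-style names, so they are compared case-insensitively here.
    if realm.lower() != HOME_REALM:
        return "proxy"
    # The local part is compared exactly: it acts as a weak shared marker,
    # not a secret, which is why the approach is "not completely watertight".
    if local == REQUIRED_LOCAL:
        return "continue"
    return "reject-outer"


def dry_run(identities):
    """Count how each outer identity would be treated if the rule were enforced."""
    return Counter(classify(i) for i in identities)


# Constructed sample of outer identities, as they might appear in an auth log.
SAMPLE = [
    "cat-7f3a9@example.org",         # device set up with the installer profile
    "cat-7f3a9@EXAMPLE.ORG",         # same, realm typed in upper case
    "jdoe@example.org",              # manual setup: real username as outer identity
    "anonymous@example.org",         # manual setup with a generic anonymous identity
    "anonymous@uni-other.example",   # roaming visitor, handled by their home server
    "jdoe",                          # no realm at all
]

if __name__ == "__main__":
    for verdict, count in sorted(dry_run(SAMPLE).items()):
        print(f"{verdict:16} {count}")
```

Running the dry run over real logs first shows how many home users would be locked out on the day the rule is switched on.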