[unisog] 802.1x Wireless Deployment

Jean-Paul Carter carter at ipfw.edu
Thu Apr 10 14:01:54 GMT 2003


We are going to use Funk's Odyssey client with their SBR product.  Since
the SBR program can do so much, we are having a little trouble with the
config files and getting them just right for everything, but we are
close.  We are now attempting to get it to work against Novell
eDirectory and honor the grace login mode and deduct from their grace
logins when their password is expired.

>>> Ed Gibson <egibson at uwo.ca> 4/9/2003 3:49:56 PM >>>
We are looking at deploying 802.1x as a potential solution to the
insecurities associated with WEP. (i.e. implementation of dynamic key
exchange).

This of course has delved us into an analysis of TLS vs TTLS vs PEAP.
Our conclusion is that TTLS makes the most sense for us for the
following reasons:

TLS implies client certificate distribution and we would prefer to
avoid that can of worms.

PEAP seems to have an affiliation with MD4 hashing; since our LDAP
implementation only supports MD5 hashes we were somewhat leery about
getting into multiple copies of password hashes.

Which leaves TTLS as the least of all evils.  Deciding to focus on
EAP/TTLS has now put us into the quandary of determining what client
to deploy. We have been able to identify three clients out there,
MeetingHouse, Funk Software's Odyssey client, or SecureW2 which has
been just recently offered for free.

My question is: has anyone out there made similar conclusions? Or is
there any feedback available on our conclusions? And has anyone
completed any evaluation on these three client applications?

Not asking for too much am I? :-)  Just figured we couldn't be the
only ones playing around with this model and felt additional feedback
would be enlightening.

Ed Gibson
University of Western Ontario
Network Operations
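
Added example (not part of either message in this thread): the hash-compatibility point behind the TTLS choice. With PAP as the inner method, EAP-TTLS delivers the cleartext password to the RADIUS server inside the TLS tunnel, so it can be checked against an MD5-only directory, whereas MS-CHAPv2 (the usual PEAP inner method) never sends the password and needs the MD4-based NT hash stored server-side. The `{MD5}`/`{SMD5}` userPassword encodings and all function names here are assumptions; the thread does not say which format the directory uses.

```python
import base64
import hashlib
import hmac


def make_md5(password: str) -> str:
    """Build an unsalted {MD5} userPassword value (constructed sample data)."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")


def make_smd5(password: str, salt: bytes) -> str:
    """Build a salted {SMD5} value: base64(md5(password + salt) + salt)."""
    digest = hashlib.md5(password.encode("utf-8") + salt).digest()
    return "{SMD5}" + base64.b64encode(digest + salt).decode("ascii")


def verify_pap(cleartext: str, stored: str) -> bool:
    """Check a tunnelled PAP password against an {MD5} or {SMD5} value."""
    scheme, sep, b64 = stored.partition("}")
    if not sep or not scheme.startswith("{"):
        return False                      # no {SCHEME} prefix
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:
        return False                      # malformed base64
    name = scheme[1:].upper()
    if name == "MD5" and len(raw) == 16:
        digest, salt = raw, b""
    elif name == "SMD5" and len(raw) > 16:
        digest, salt = raw[:16], raw[16:]  # salt follows the 16-byte digest
    else:
        return False                      # unsupported scheme or bad length
    candidate = hashlib.md5(cleartext.encode("utf-8") + salt).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed sample entries, not taken from any real directory.
    entries = [make_md5("password"), make_smd5("password", b"\x01\x02\x03\x04")]
    for stored in entries:
        print(stored, verify_pap("password", stored), verify_pap("wrong", stored))
```

No second copy of the password hash is needed for this check, which is the concern raised about PEAP above; the trade-off is that the server handles the cleartext password, so the client must validate the server certificate before sending it.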


