If say you want to set up a PKI and use EAP-TLS to authenticate all users and computers.
A computer's certificate is stored on that computer. But how can a user have a certificate? Where is it stored? What if a user logs in from another computer, how will he provide his certificate for client authentication?