EAP-SIM authorize

Alan DeKok aland at deployingradius.com
Wed Aug 29 11:10:57 CEST 2007


Bohák András wrote:
> I am working on a modified rlm_sim_files which uses an SQLite database 
> instead of the text file.

  See dictionary.freeradius.internal.  The SIM triplets can be obtained
as normal attributes from ANY database.

  You would be better off writing an SQLite plugin for rlm_sql, I think.

> It works, but within one run of the EAP-SIM 
> protocol, the module runs 3 times (once for every incoming EAP message) and 
> searches the database/file 3 times. This consumes valuable time and if I 
> delete the triplet in the first run (I want to use a triplet only once), it 
> won't even succeed to authenticate.

  Yes.  It's inefficient, but it works.

> Is there a way to solve this, I mean to tell the sim_files authorize module 
> that it already provided the necessary auth info, and should just say OK 
> without any search? Is the eap_sim module capable of remembering the 
> RAND-SRES-Kc values?

  No.

  The simplest solution is to look at the recent 2.0.0-pre2 release.
You should be able to simplify the configuration so that the keys are
only looked up when needed.

  Alan DeKok.
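
Added example, not part of the original message and not FreeRADIUS code: one way a database-backed triplet store can tolerate the three lookups per EAP-SIM run while still using each triplet only once. The table layout, the function names, the 30-second reservation window and the sample values are all assumptions made for illustration.

```python
import sqlite3
import time

# Hypothetical schema: reserved_at IS NULL means the triplet has never been handed out.
SCHEMA = """CREATE TABLE triplets (
    id INTEGER PRIMARY KEY, imsi TEXT, rand TEXT, sres TEXT, kc TEXT,
    reserved_at REAL)"""

def sample_rows(imsi, n):
    # Constructed placeholder values with the right lengths (RAND 16, SRES 4, Kc 8 bytes).
    return [(imsi, f"{i:032x}", f"{i:08x}", f"{i:016x}") for i in range(1, n + 1)]

def open_store(rows):
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany(
        "INSERT INTO triplets (imsi, rand, sres, kc) VALUES (?, ?, ?, ?)", rows)
    db.commit()
    return db

def lookup(db, imsi, count=3, ttl=30.0, now=None):
    """Return the triplets held for the run in progress; reserve fresh ones only if none are held."""
    now = time.time() if now is None else now
    with db:  # single transaction: commit on success, roll back on error
        # An expired reservation may already have been sent to a peer: discard, never reuse.
        db.execute("DELETE FROM triplets WHERE imsi = ? AND reserved_at < ?",
                   (imsi, now - ttl))
        held = db.execute(
            "SELECT rand, sres, kc FROM triplets "
            "WHERE imsi = ? AND reserved_at IS NOT NULL ORDER BY id", (imsi,)).fetchall()
        if held:
            return held  # second and third lookups of the same run land here
        fresh = db.execute(
            "SELECT id, rand, sres, kc FROM triplets "
            "WHERE imsi = ? AND reserved_at IS NULL ORDER BY id LIMIT ?",
            (imsi, count)).fetchall()
        if len(fresh) < count:
            return None  # not enough unused triplets left for a full run
        db.executemany("UPDATE triplets SET reserved_at = ? WHERE id = ?",
                       [(now, row[0]) for row in fresh])
        return [row[1:] for row in fresh]

def finish(db, imsi):
    """Consume the reserved triplets once the run has ended; returns how many were removed."""
    with db:
        return db.execute(
            "DELETE FROM triplets WHERE imsi = ? AND reserved_at IS NOT NULL",
            (imsi,)).rowcount
```

Deleting on `finish` or on expiry, rather than on the first lookup, is what keeps the later rounds of the same run working.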



More information about the Freeradius-Devel mailing list