Thread continued from freeradius-users list..
As I mentioned previously, I have the PEAP changes completed
to save/retrieve reply attributes on authentication failure.
I’ve examined the TTLS code and I have a question. The
code to retrieve the saved reply attributes is done in a different place in the
authenticate function as compared to the PEAP code. I’m wondering if
this was intentional? If not, do you see a problem moving this code from the
switch on status == EAPTLS_SUCCESS to the switch on rcode ==
PW_AUTHENTICATION_ACK (which was changed from RLM_MODULE_OK in
ttls.c:eapttls_process)? I would then add similar code to the rcode ==
PW_AUTHENTICATION_REJECT to retrieve the saved reply attributes. Alternatively,
I could add EAPTLS_FAIL to the switch on status and retrieve the attributes in
that block (and then return 0 as it does in the default block).
I’m looking for some advice because I have no way of
testing/debugging the TTLS code and I’m concerned about breaking it. I’m
also concerned because the code in the switch on status “returns” on
EAPTLS_SUCCESS in rlm_eap_ttls whereas it falls through in rlm_eap_peap to the
switch on rcode (TTLS only falls through when status == EAPTLS_OK).
Thanks..