Alan DeKok wrote:
I try not to do releases on a Friday, but this one may be useful.
This release fixes a crash in session resumption seen by a few people. It also fixes an issue where it was possible to convince the server to do session resumption, even if the underlying session had not finished authentication.
Everyone should either upgrade, or set "enable = no" in the EAP "cache" section.
Worth pointing out in case anyone forgets to read the above release notes carefully: You will have to set up a persist_dir to get fast reauth working again, as the in-server cache is now disabled. Read the new comments in mods-available/eap near the tls-common/cache subsection. Note for SELinux systems, the default for persist_dir in mods-available/eap is currently: "${logdir}/tlscache" It might make sense to change this to: persist_dir = "${db_dir}/tlscache" ...where ${db_dir} is usually /var/lib/radiusd ...and then set the tlscache directory up under /var/lib/radiusd/ rather than /var/log/radiusd, because radiusd_var_lib_t policy is already the way you want it. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html