Josh Howlett wrote:
It normally tunnels inside other methods.
OK. I'll hack the code to force that to be true.
Sure, but do the FreeRADIUS PEAP and TTLS implementation support running an EAP method for AuthN followed immediately by EAP-TNC within the same tunnel?
Nope. It shouldn't be too hard to add, though.
The difficulty that I saw when I looked at the code, IIRC, is that FreeRADIUS re-uses the same functions (and therefore the same assumptions of what is permitted and what isn't) for the 'outer' EAP session as it does for the 'inner' session.
That doesn't matter, really. The TTLS/PEAP modules can be hacked again. "If first tunneled method returned Access-Accept, run another tunneled method..."
That's not a requirement, but a likely deployment scenario. EAP-TNC has no transport security, and depends on the transport layer for confidentiality, etc.
Ok. I'll hack the code to force that to be true. Alan DeKok.