12 Jan
2010
12 Jan
'10
9:11 a.m.
Stefan Winter wrote:
How does this work together with anonymous outer ids? I.e. if outer User-Name = anon@foo.bar and the inner User-Name is stefan@foo.bar, then the cache contains a session for stefan@foo.bar
Yes.
On session resumption, there is no inner tunnel exchange, there's a packet User-Name = anon@foo.bar and an EAP-Message with SSL magic (but no inner User-Name)... So how does FreeRADIUS know what to look up in the cache? Or am I missing something here?
There's an SSL identifier associated with the session: supplicant: I have SSL id 0x282674736733673 server: OK, it's in my cache. (Modulo various crypto operations to keep it secure) The server uses the Id to find the cache entry, and the cached User-Name. Alan DeKok.