5 Jun
2010
5 Jun
'10
1:30 a.m.
Andreas Hartmann wrote:
well, I thought about the problem with reauth: Why must there be passwords in the session?
There shouldn't be passwords in the session. There should be a *name* in the session.
That's why it shouldn't be necessary to have these Keys in the Session or in the response (the client didn't send any password, too).
At the moment of adding the Password to the session, the handshake has been done already.
I have no idea why you think it's adding passwords to the session. It's not.
Therefore, I did the following change (-> for testing only!!!! This should be used only with EAP/tls for testing - no warranty!):
That change removes the fix added in 2.1.8. It *will* break your system. Alan DeKok.