Identity problem and MSK, EMSK management
mingyur at inventati.org
Sat Oct 21 02:45:27 CEST 2006
Hi ! i have 2 main problem, i've tried to find the solutions mostly in
rfc's and googleing around but without results !! i hope the questions
are not to stupid ... ; )
1) i'm developing and auth module for eap where the real identity of the
user is passed in the 3rd message ( in eap response identity there is a
fictitious string "anonymous" ) so i had to add an if( .. ) statement in
eap_start() that says something like that : if memcmp(request->username,
"anonymous" ...) && eap type is the one i'm developing set attribute
User-Name in request->username and in request->packet->vps to the real
identity (found in the packet receved).
And all goes well : rlm_sql finds the user in the db and gets all the
attributes from radreply table , so i can access them from
handler->request->reply->vps. The protocol continues but when a new
response comes from the supplicant the NAS, i suppose, sets the
attribute User-Name to "anonymous", is there a way to tell the NAS to
change the value of User-Name to the correct one ?!
the problem is that next messages will not get anymore the right user
because the section above will set the User-Name to something without
sense ... suggestions ?
2) the protocol derives also MSK and EMSK but i don't know where to put
them ! i have seen that eap_sim_sendsuccess(EAP_HANDLER *handler)
sets 2 proprietary valuepairs in handler->request->reply->vps
(MS-MPPE-Recv-Key , MS-MPPE-Send-Key)... should i do something like this
? with which attribute should i tell the NAS for the keys ?
Thank you !
More information about the Freeradius-Devel