EAP-SIM authorize
Alan DeKok
aland at deployingradius.com
Wed Aug 29 11:10:57 CEST 2007
Bohák András wrote:
> I am working on a modified rlm_sim_files which uses an SQLite database
> instead of the text file.
See dictionary.freeradius.internal. The SIM triplets can be obtained
as normal attributes from ANY database.
You would be better off writing an SQLite plugin for rlm_sql, I think.
> It works, but within one run of the EAP-SIM
> protocol, the module runs 3 times (once for every incoming EAP message) and
> searches the database/file 3 times. This consumes valuable time and if I
> delete the triplet in the first run (I want to use a triplet only once), it
> won't even succeed to authenticate.
Yes. It's inefficient, but it works.
> Is there a way to solve this, I mean to tell the sim_files authorize module
> that it already provided the necessary auth info, and should just say OK
> without any search? Is the eap_sim module capable of rememering the
> RAND-SRES-Kc values?
No.
The simplest solution is to look at the recent 2.0.0-pre2 release.
You should be able to simplify the configuration so that the keys are
only looked up when needed.
Alan DeKok.
More information about the Freeradius-Devel
mailing list