MS-MPPE keys in proxy
Alan DeKok
aland at deployingradius.com
Tue Sep 18 16:33:41 CEST 2012
M Arif wrote:
> I am having trouble understanding the EAP-TLS authentication when
> requests are proxied.
There is nothing magic.
> I want to know how MS-MPPE-Send-Key and MS-MPPE-Recv-Keys are
> transferred in proxy..
They are transferred verbatim by the proxy.
> since these keys contain values calculated with
> EAP-Messages exchanged hashed with shared secret bla bla.
The *values* are transferred verbatim. The *encrypted* versions are
decrypted when the proxy receives a reply from the home server, and
encrypted by the proxy when it sends a reply to the client.
> Does the proxy
> keep its own EAP state and varialbe and calculates the Message
> Authenticator. or free-radius ignores these keys when exchanging EAP
> messages.
That questions makes no sense.
The process of handling the MPPE keys is *exactly* the same as
proxying User-Password. There is no magic. It is very simple.
Alan DeKok.
More information about the Freeradius-Devel
mailing list