fast auth time with EAP_TLS?

Alan DeKok aland at ox.org
Wed Feb 8 19:35:32 CET 2006


Andrea G Forte <andreaf at cs.columbia.edu> wrote:
> The problem is that it is taking too little time for the
> authentication process to complete.

  Why is that a problem?

>  In the attached file you can see one authentication process
> captured using kismet and then parsed with Ethereal.

  <sigh> Why is it impossible to run the server in debugging mode, and
to read the output?  That will tell you ever so much more than
ethereal.

  And the packet captures you've done are on the wireless side.  The
RADIUS side is much more interesting.

> As you cane see the time from Assoc. resp to the first encrypted
> data packet is only 222 msec. About a year ago it was of the order
> of one second (and all the literature says so). Has WPA2 improved
> the authentication time so much?

  If the user is authenticated, why do you care?  If the whole EAP
process happens properly, why do you care?

  Alan DeKok.




More information about the Freeradius-Users mailing list