EAP-Handshakes: every reply runs the full authorize-section

Rainer Brinkmann brinkman at uke.uni-hamburg.de
Mon Aug 13 11:53:12 CEST 2007


I forgot:

Thanks for the info.


----- Original Message ----- 
From: "Arran Cudbard-Bell" <A.Cudbard-Bell at sussex.ac.uk>
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Sent: Monday, June 11, 2007 10:16 AM
Subject: Re: EAP-Handshakes: every reply runs the full authorize-section


> Rainer Brinkmann wrote:
>> FreeRADIUS Version 1.1.0:
>>
>> Hello,
>> we run EAP-TTLS and what we get in Debug-Mode is, that every received
>> EAP-Packet within the TLS-Tunnel-establish runs the complete
>> authorize-section and slows down the overall time to create a 
>> TTLS-Tunnel.
>> Reason is, that the User-Name e.g. "NTB-BRINK-610", which is the
>> EAP-Identity, comes with every received EAP-Packet and is always checked
>> against the full authorize-section. Is it possible to skip these redundant
>> checks in the following EAP-responses that build a specific EAP-Session?
>> (the EAP-Idents can't be resolved in our LDAP, because those machine names are
>> always unknown to us. What we have to check are the inner-Tunnel -
>> credentials)
>>
>> kind regards
>>
>> Rainer Brinkmann
>> Network-Management
>> University-Clinicum Hamburg / Germany
>>
>>
>>
>
> Yep, this issue is reduced in 2.0 pre1, the eap module will return
> handled (so will skip the rest of the authorise and authenticate
> sections) when it doesn't need to authenticate the user, or acquire
> attributes for authorisation/authentication.
>
> 2.0pre1 brings the number of full autz/auth runs down to around 3-4 per
> EAP authentication.
> -- 
> Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
> Authentication, Authorisation and Accounting Officer
> Infrastructure Services | ENG1 E1-1-08
> University Of Sussex, Brighton
> EXT:01273 873900 | INT: 3900



-- 
Mandatory disclosures pursuant to the Act on Electronic Commercial Registers, Registers of Cooperatives and the Company Register (EHUG):

Universitätsklinikum Hamburg-Eppendorf
Public-law corporation
Place of jurisdiction: Hamburg

Members of the Executive Board:
Prof. Dr. Jörg F. Debatin (Chairman)
Dr. Alexander Kirstein
Ricarda Klein
Prof. Dr. Dr. Uwe Koch-Gromus
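
The short-circuit described in the quoted reply, as a configuration sketch added here (it is not taken from the thread or from either poster's server): on FreeRADIUS 2.x and later, the authorize section can stop as soon as the eap module reports that the packet belongs to an ongoing EAP conversation. The module order and the use of ldap are assumptions.

```text
# Added example for FreeRADIUS 2.x or later (authorize section of a
# virtual server). Module order and the ldap module are assumptions,
# not the poster's configuration.
authorize {
	preprocess

	# For packets that only continue the outer TLS handshake, eap has
	# nothing to look up. "ok = return" leaves the authorize section at
	# this point, so the modules listed below are not run for those
	# packets and the directory is not queried with the outer
	# EAP identity (for example a machine name it does not know).
	eap {
		ok = return
	}

	# Reached only when eap did not short-circuit the section.
	ldap
}
```

The tunnelled (inner) request is authorized separately, which is where the lookup of the real user credentials belongs.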



