EAP-Handshakes: every reply runs the full authorize-section
Rainer Brinkmann
brinkman at uke.uni-hamburg.de
Mon Jun 11 08:23:52 CEST 2007
FreeRADIUS Version 1.1.0:
Hello,
we run EAP-TTLS and what we get in Debug-Mode is, that every received
EAP-Packet within the TLS-Tunnel-establish runs the complete
authorize-section and slows down the overall time to create a TTLS-Tunnel.
Reason is, that the User-Name e.g. "NTB-BRINK-610", which is the
EAP-Identity, comes with every received EAP-Packet and is always checked
against the full authorize-section. Is it possible to skip this redundant
checks in the following EAP-responses that build a specific EAP-Session?
(the EAP-Idents cant be resolved in our LDAP, cause that machinenames are
always unknown to us. What we have to check are the inner-Tunnel -
credentials)
kind regards
Rainer Brinkmann
Network-Management
University-Clinicum Hamburg / Germany
--
Pflichtangaben gemäß Gesetz über elektronische Handelsregister und Genossenschaftsregister sowie das Unternehmensregister (EHUG):
Universitätsklinikum Hamburg-Eppendorf
Körperschaft des öffentlichen Rechts
Gerichtsstand: Hamburg
Vorstandsmitglieder:
Prof. Dr. Jörg F. Debatin (Vorsitzender)
Dr. Alexander Kirstein
Ricarda Klein
Prof. Dr. Dr. Uwe Koch-Gromus
More information about the Freeradius-Users
mailing list