EAP-TNC
Alan DeKok
aland at deployingradius.com
Tue Nov 27 15:23:42 CET 2007
Josh Howlett wrote:
> It normally tunnels inside other methods.
OK. I'll hack the code to force that to be true.
> Sure, but do the FreeRADIUS PEAP and TTLS implementation support running
> an EAP method for AuthN followed immediately by EAP-TNC within the same
> tunnel?
Nope. It shouldn't be too hard to add, though.
> The difficulty that I saw when I looked at the code, IIRC, is that
> FreeRADIUS re-uses the same functions (and therefore the same
> assumptions of what is permitted and what isn't) for the 'outer' EAP
> session as it does for the 'inner' session.
That doesn't matter, really. The TTLS/PEAP modules can be hacked
again. "If first tunneled method returned Access-Accept, run another
tunneled method..."
> That's not a requirement, but a likely deployment scenario. EAP-TNC has
> no transport security, and depends on the transport layer for
> confidentiality, etc.
Ok. I'll hack the code to force that to be true.
Alan DeKok.
More information about the Freeradius-Users
mailing list