EAP SIM - fresh RANDs
sateesh busam
sateesh_nitw at yahoo.co.in
Mon Apr 21 16:51:19 CEST 2008
Hi,
Is free radius compliant to RFC 4186? In particular, with respect to section 10.9 which says,
The EAP server MUST obtain fresh RANDs for each EAP-SIM full
authentication exchange. More specifically, the server MUST consider
RANDs it included in AT_RAND to be consumed if the server receives an
EAP-Response/SIM/Challenge packet with a valid AT_MAC, or an
EAP-Response/SIM/Client-Error with the code "insufficient number of
challenges" or "RANDs are not fresh". However, in other cases (if
the server does not receive a response to its
EAP-Request/SIM/Challenge packet, or if the server receives a
response other than the cases listed above), the server does not need
to consider the RANDs to be consumed, and the server
MAY re-use the
RANDs in the AT_RAND attribute of the next full authentication
attempt.
If compliant, how to configure it to generate fresh RANDs?
Thanks,
Sateesh
Forgot the famous last words? Access your message archive online at http://in.messenger.yahoo.com/webmessengerpromo.php
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080421/b4daf406/attachment.html>
More information about the Freeradius-Users
mailing list