Modifying EAP Messages

Jouni Malinen jkmalinen at gmail.com
Tue Mar 17 21:58:47 CET 2009


On Tue, Mar 17, 2009 at 7:40 PM, Arran Cudbard-Bell
<A.Cudbard-Bell at sussex.ac.uk> wrote:
> On 17/3/09 16:26, Jouni Malinen wrote:
>> There is a specification available for all the needed functionality and
>> you should be able to find example code on how to do this in hostapd
>
> Very interesting. Which version/git branch is this available in?

TNC support (including experimental SoH code) was added in 0.6.x, so
as far as releases are concerned, 0.6.8 would be the best start (or
just use the git development branch if you want to get the latest version,
but I don't think there have been SoH-related changes since 0.6.8).

> Just found an explanation of the other magical 'Crypto binding' check box.
> It appears it's used to check that the phase 1 and phase 2 endpoints were
> actually the same server. Have you done any work on this feature?

Yes, that is also supported in both hostapd (PEAPv0 server) and
wpa_supplicant (PEAPv0 peer) version 0.6.8. That needed quite a bit of
experimentation and guesses since the specification was not exactly
correct (but could now be since I asked it to be fixed). Anyway, the
source code in hostapd is known to interoperate with Windows XP SP3
and Vista supplicant, so that is probably a good place to look at if
someone wants to add this to FreeRADIUS.

- Jouni



More information about the Freeradius-Users mailing list