reauth-problem with WPA2-tls

Alan DeKok aland at
Sat Jun 5 07:30:06 CEST 2010

Andreas Hartmann wrote:
> well, I thought about the problem with reauth: Why must there be passwords
> in the session?

  There shouldn't be passwords in the session.  There should be a *name*
in the session.

> That's why it shouldn't be necessary to have these Keys in the Session or
> in the response (the client didn't send any password, too).
> At the moment of adding the Password to the session, the handshake has been done already.

  I have no idea why you think it's adding passwords to the session.
It's not.

> Therefore, I did the following change (-> for testing only!!!!
> This should be used only with EAP/tls for testing - no warranty!):

  That change removes the fix added in 2.1.8.  It *will* break your system.

  Alan DeKok.

More information about the Freeradius-Users mailing list