reauth-problem with WPA2-tls

Andreas Hartmann andihartmann at 01019freenet.de
Sat Jun 5 08:22:19 CEST 2010


Alan DeKok wrote:
> Andreas Hartmann wrote:
>> well, I thought about the problem with reauth: Why must there be passwords
>> in the session?
> 
>   There shouldn't be passwords in the session.  There should be a *name*
> in the session.
> 
>> That's why it shouldn't be necessary to have these Keys in the Session or
>> in the response (the client didn't send any password, either).
>>
>> At the moment of adding the Password to the session, the handshake has been done already.
> 
>   I have no idea why you think it's adding passwords to the session.
> It's not.

I derived it from the PW_ prefix of the variable name, which is wrong. I
know that now.

>> Therefore, I did the following change (-> for testing only!!!!
>> This should be used only with EAP/tls for testing - no warranty!):
> 
>   That change removes the fix added in 2.1.8.  It *will* break your system.

I know that it was added because of another reported bug. And I know
that my test-change can't be a solution (as I wrote myself). The problem
seems to be much deeper.


Kind regards,
Andreas


