reauth-problem with WPA2-tls

Andreas Hartmann andihartmann at
Sat Jun 5 08:22:19 CEST 2010

Alan DeKok schrieb:
> Andreas Hartmann wrote:
>> well, I thought about the problem with reauth: Why must there be passwords
>> in the session?
>   There shouldn't be passwords in the session.  There should be a *name*
> in the session.
>> That's why it shouldn't be necessary to have these Keys in the Session or
>> in the response (the client didn't send any password, too).
>> At the moment of adding the Password to the session, the handshake has been done already.
>   I have no idea why you think it's adding passwords to the session.
> It's not.

I derived it from the PW_ prefix of the variable name, which is wrong. I
know it meanwhile.

>> Therefore, I did the following change (-> for testing only!!!!
>> This should be used only with EAP/tls for testing - no warranty!):
>   That change removes the fix added in 2.1.8.  It *will* break your system.

I know that it was added because of another reported bug. And I know,
that my test-change can't be a solution (as I wrote myself). The problem
seems to be much deeper.

Kind regards,

More information about the Freeradius-Users mailing list