reauth-problem with WPA2-tls
Andreas Hartmann
andihartmann at 01019freenet.de
Sat Jun 5 08:22:19 CEST 2010
Alan DeKok wrote:
> Andreas Hartmann wrote:
>> well, I thought about the problem with reauth: Why must there be passwords
>> in the session?
>
> There shouldn't be passwords in the session. There should be a *name*
> in the session.
>
>> That's why it shouldn't be necessary to have these Keys in the Session or
>> in the response (the client didn't send any password, too).
>>
>> At the moment of adding the Password to the session, the handshake has been done already.
>
> I have no idea why you think it's adding passwords to the session.
> It's not.
I derived it from the PW_ prefix of the variable name, which is wrong. I
know that now.
>> Therefore, I did the following change (-> for testing only!!!!
>> This should be used only with EAP/tls for testing - no warranty!):
>
> That change removes the fix added in 2.1.8. It *will* break your system.
I know that it was added because of another reported bug. And I know
that my test-change can't be a solution (as I wrote myself). The problem
seems to be much deeper.
Kind regards,
Andreas