AVP EAP-KEY name support in FR

Alan DeKok aland at deployingradius.com
Sun May 11 14:20:35 CEST 2014


Jouni Malinen wrote:
> I'm about to add this to eapol_test:
> http://w1.fi/cgit/hostap/commit/?h=pending&id=b1e268afbc36c6605ec74e13b1ee9883fa469b8a
> ('eapol_test: Check EAP-Key-Name'). However, while implementing that,
> I could not find where the format used by FreeRADIUS for EAP-Key-Name
> ("0x<hexstring>") is defined.

  Ah... it's a typo.  The file dictionary.rfc4072 had the attribute as
"string" instead of "octets".

  The distinction goes back to the start of FR, and the start of the
RADIUS RFCs.  The original RFCs had "string" type for everything,
printable and non-printable attributes.  I chose to split that into
"string/octets".  The RADIUS WG chose to split it into "text/string".

  Which has never made sense to me.

  Anyways... if you update the dictionary, the attribute will come out
correctly as a hex blob.

> Please also note that draft-ietf-radext-ieee802ext-12 adds this: "In
> addition, the RADIUS server SHOULD include this Attribute in an
> Access-Accept or CoA-Request only if an EAP-Key-Name Attribute was
> present in the Access-Request." which does not match the current
> FreeRADIUS behavior.

  OK.  I'll take a look, thanks.

  Alan DeKok.
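
The two points in this message can be checked on captured packets. The sketch below is an added example, not code from this thread, FreeRADIUS or hostap: it prints an EAP-Key-Name value under a "string" and an "octets" dictionary type, and tests the draft's SHOULD about when the attribute may appear in an Access-Accept. Assumptions: attribute number 102 is taken from RFC 4072, all function names are hypothetical, `render` is a simplified illustration of the two types, and the packets are constructed samples with a zeroed authenticator.

```python
import struct

EAP_KEY_NAME = 102                    # RADIUS attribute number from RFC 4072
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2  # RADIUS packet codes

def build_packet(code, ident, attrs):
    """Build a RADIUS packet for tests (zeroed authenticator, constructed data)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH16s", code, ident, 20 + len(body), b"\0" * 16) + body

def parse_attrs(packet):
    """Return (code, [(type, value), ...]); reject malformed lengths."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad packet length")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return code, attrs

def render(value, dict_type):
    """Print a value as the dictionary type dictates: hex blob or escaped text."""
    if dict_type == "octets":
        return "0x" + value.hex()
    return '"' + value.decode("latin-1").encode("unicode_escape").decode("ascii") + '"'

def key_name_policy_ok(request, accept):
    """SHOULD from the draft: EAP-Key-Name in Access-Accept only if the request had one."""
    in_req = any(t == EAP_KEY_NAME for t, _ in parse_attrs(request)[1])
    in_acc = any(t == EAP_KEY_NAME for t, _ in parse_attrs(accept)[1])
    return in_req or not in_acc

# Constructed sample data: a non-printable key name and four small packets.
SAMPLE_KEY = bytes.fromhex("0da10041")
REQ_WITH = build_packet(ACCESS_REQUEST, 1, [(1, b"user"), (EAP_KEY_NAME, b"\x00")])
REQ_WITHOUT = build_packet(ACCESS_REQUEST, 2, [(1, b"user")])
ACC_WITH = build_packet(ACCESS_ACCEPT, 1, [(EAP_KEY_NAME, SAMPLE_KEY)])
ACC_WITHOUT = build_packet(ACCESS_ACCEPT, 2, [])
```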