AVP EAP-KEY name support in FR
Jouni Malinen
jkmalinen at gmail.com
Mon May 12 16:44:24 CEST 2014
On Sun, May 11, 2014 at 11:50 AM, Alan DeKok <aland at deployingradius.com> wrote:
> The key is created from SSL information. There's no SSL in EAP-PWD
> from what I know.
>
> Do you have opinions as to how it should work? Or I supposed I could
> ping Dan Harkins and ask him...
The derivation of Session-Id is defined separately for each EAP
method. In the case of EAP-pwd, it is defined in RFC 5931. Sure, there
is no SSL involved in that case, but anyway, the Session-Id is defined
in a way that FreeRADIUS must already be generating it since that is
used in deriving MSK, i.e., the only thing that is missing is in
exposing that information as the Session-Id similarly to how TLS-based
methods do that.
- Jouni
More information about the Freeradius-Users
mailing list