AVP EAP-KEY name support in FR

Jouni Malinen jkmalinen at gmail.com
Mon May 12 16:44:24 CEST 2014


On Sun, May 11, 2014 at 11:50 AM, Alan DeKok <aland at deployingradius.com> wrote:
>   The key is created from SSL information.  There's no SSL in EAP-PWD
> from what I know.
>
>   Do you have opinions as to how it should work?  Or I suppose I could
> ping Dan Harkins and ask him...

The derivation of Session-Id is defined separately for each EAP
method. In the case of EAP-pwd, it is defined in RFC 5931. Sure, there
is no SSL involved in that case, but anyway, the Session-Id is defined
in a way that FreeRADIUS must already be generating it since that is
used in deriving MSK, i.e., the only thing that is missing is in
exposing that information as the Session-Id similarly to how TLS-based
methods do that.

- Jouni
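
The relationship described in the message above, as an added example that is not part of the original post and is not FreeRADIUS or hostap code: a sketch of the RFC 5931 derivation with the default random function and PRF (HMAC-SHA256), showing that the Session-Id is an input to the MSK/EMSK derivation. The function names are hypothetical and all input values are constructed, not taken from a real exchange.

```python
import hashlib
import hmac
import struct

EAP_TYPE_PWD = 52  # EAP method type code for EAP-pwd


def H(*parts: bytes) -> bytes:
    """Random function H: HMAC-SHA256 keyed with 32 zero octets."""
    return hmac.new(b"\x00" * 32, b"".join(parts), hashlib.sha256).digest()


def kdf(key: bytes, label: bytes, length_bits: int) -> bytes:
    """KDF(key, label, length): HMAC-SHA256 in feedback mode, 16-bit counter and length."""
    out, prev, i = b"", b"", 0
    length = struct.pack("!H", length_bits)
    while len(out) * 8 < length_bits:
        i += 1
        prev = hmac.new(key, prev + struct.pack("!H", i) + label + length,
                        hashlib.sha256).digest()
        out += prev
    return out[: length_bits // 8]


def session_id(ciphersuite: bytes, scal_p: bytes, scal_s: bytes) -> bytes:
    """Session-Id = Type-Code | H(Ciphersuite | scal_p | scal_s)."""
    return bytes([EAP_TYPE_PWD]) + H(ciphersuite, scal_p, scal_s)


def derive_keys(k: bytes, confirm_p: bytes, confirm_s: bytes, sid: bytes):
    """MK = H(k | Confirm_P | Confirm_S); MSK | EMSK = KDF(MK, Session-Id, 1024)."""
    mk = H(k, confirm_p, confirm_s)
    keys = kdf(mk, sid, 1024)
    return keys[:64], keys[64:]


# Constructed sample inputs (not from a real EAP-pwd exchange).
SUITE = b"\x00\x13\x01\x01"          # group 19, random function 1, PRF 1
SCAL_P, SCAL_S = b"\x11" * 32, b"\x22" * 32
K, CONF_P, CONF_S = b"\x33" * 32, b"\x44" * 32, b"\x55" * 32

if __name__ == "__main__":
    sid = session_id(SUITE, SCAL_P, SCAL_S)
    msk, emsk = derive_keys(K, CONF_P, CONF_S, sid)
    print("Session-Id:", sid.hex())
    print("MSK:", msk.hex())
```

Any server that produces the MSK this way already holds the 33-octet Session-Id at that point, so exporting it only requires keeping the value instead of discarding it.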

