hostapd - what "eap_authenticator" option actually is for?

Jouni Malinen jkmaline
Thu Mar 17 05:52:07 PST 2005


On Thu, Mar 17, 2005 at 12:50:13PM +0100, Ajeet Nankani wrote:

> I understand that it does not enable RADIUS server, but it does enable 
> minimal RADIUS like functionality in authenticator, or to keep it 
> simple(to hide which part in AP enables this functionality) we can say 
> that this option enables very minimal RADIUS AS in AP, in that case its 
> name should reelect what it does. See my comments below to support name 
> changing.

It does not enable "minimal RADIUS". No RADIUS functionality is used for
the authentication when the integrated EAP authenticator is used
directly from the IEEE 802.1X/EAPOL state machines.

> My understanding is that Authenticator is an element in AP which relays 
> EAP packets from STA to AS(whether Co Located or external). But this 
> Authenticator is enabled automatically when 802.1x is enabled, hence 
> eap_authenticator option has nothing to do with enabling of AP 
> authenticator itself, but name "eap_authenticator" of this option 
> suggests otherwise.

The authenticator you are talking about is IEEE 802.1X authenticator.
EAP authenticator is the server side endpoint for EAP authentication.
The name "eap_authenticator" is used because it enables functionality
called "EAP Authenticator".

> So we should use a name which reflects what it does,

We already do.

> May be the name i 
> suggested before is not a good candidate, but we can find some other 
> suitable name. What about "co_located_minimal_RADIUS_AS"

It has _nothing_ to do with RADIUS. Many RADIUS authentication servers
implement EAP authenticators, but so does many Diameter servers, and so
does EAP "servers". RADIUS is just one option for transfering the EAP
conversation.

-- 
Jouni Malinen                                            PGP id EFC895FA




More information about the Hostap mailing list