Integrated EAP server

Jouni Malinen jkmaline
Wed Aug 30 19:33:04 PDT 2006


On Wed, Aug 30, 2006 at 08:50:02AM -0700, Tran Thanh Dinh wrote:

>   I have a question concerning the integrated EAP
> server issue. In the README file, it's written that
> "It only requests the identity of the Supplicant and
> authorizes any host that is able to send a valid EAP
> Response frame." Does it mean: the integrated server
> send to supplicant via the authenticator entity a
> EAP-Request / Identity. If the Supplicant is able to
> send back a EAP-Response /Identity, it is
> authenticated?

This paragraph is not valid anymore and has not been valid for long
time. Please ignore it; I removed it from the development branch.

>   Another thing concerns the EAP-Success message.
> Normally this message is sent from the authentication
> server. Once the authenticator receives this message,
> the controlled port is authorized. In case of
> integrated server, is it still the same please?

Yes.

>   As I understand, the integrated server is really
> simple in hosapd and it is not able to manage session,
> etc. The only one thing it does is: send
> EAP-Request/Identity, receive EAP-Response/Identity
> and send EAP-Success. Could you please confirm if I am
> right?

No, that is not correct in hostapd 0.4.x and 0.5.x. The integrated
authentication server has full support for number of EAP methods.

>   I got to know from the hostapd.conf file that "
> hostapd can be used as a RADIUS authentication server
> for other hosts. This requires that the integrated EAP
> authenticator is also enabled and both
>  authentication services are sharing the same
> configuration." Does it mean that we can have the
> authenticator and Radius authentication server running
> on the same machine and the Radius server acts as an
> external server?

Yes.

-- 
Jouni Malinen                                            PGP id EFC895FA




More information about the Hostap mailing list