EAP peer implementation from wpa_supplicant as a library
Jouni Malinen
j
Sun Dec 23 19:25:27 PST 2007
On Sun, Dec 09, 2007 at 07:31:36PM +0100, Alan DeKok wrote:
> The interface right now looks pretty good. Some comments:
>
> - exposing TTLS TLV data to the server would be useful
> - allowing the server to add TTLS TLV data would be useful
I would assume you are referring to TTLS AVPs here. Would this be mainly
to allow PAP/CHAP/MS-CHAP/MS-CHAPv2 to be implemented elsewhere or is
there some additional AVPs that are commonly transmitted within TTLS?
> - having method checks for PAP/CHAP/MS-CHAP in phase 2
> like is done for the EAP methods would be useful
I added a separate flags for this into struct eap_user (ttls_auth
bitfield). This changed the default behavior from all non-EAP phase 2
methods allowed to not allow any of them unless explicitly allowed in
this bitfield.
> - ability to completely control phase2 method would be good
> i.e. run one EAP library for phase1, and another for phase2
> it's weird, but it can catch corner cases and assumptions
This would likely require larger changes, but then again, designing a
nicer interface for this could also be useful from the view point of
simplifying the current design where EAP-PEAP/TTLS/FAST have their own
implementations.. This should probably also allow phase 2 to be proxied
to an external host or at least have hooks in place for such
functionality (i.e., having to wait for phase 2 reply).
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list