Jouni Malinen
Tue Dec 23 00:23:30 PST 2008

On Mon, Dec 22, 2008 at 07:16:48PM +0530, Paresh Sawant wrote:

> I have 2 linksys access points (WRT54GL), both belong to same ssid,

> wpa_supplicant successfully manages to associate using eap-ttls with both
> APs, but I notice while reassociating with either of the APs, even though
> the association request carries valid PMKID in RSN IE, AP chooses to do
> complete EAP-TTLS instead of skipping PMKSA. But it does NOT behave this way
> when I have only one AP running, it honors the pmkid carried in the
> association request and skips the PMKSA jumping directly to PTKSA.

Just to make sure I understood your test scenario:

AP1 -> AP1 uses PMKSA caching

AP1 -> AP2 does not (as expected, since AP2 did not yet know PMK)

Did you try AP1 -> AP2 -> AP1 (the second reassociation could use PMKSA

If you want to get the first reassociation to use PMKSA caching, you
would also need to enable RSN pre-authentication (or opportunistic key
caching if the APs support that).

Jouni Malinen                                            PGP id EFC895FA
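
The roaming sequences discussed in this message, as an added example that is not part of the original e-mail and is not wpa_supplicant or hostapd code: a small Python model of per-AP PMKSA caches using the IEEE 802.11i PMKID formula. The `AP` and `Station` classes, the MAC addresses, and the modelling of opportunistic key caching as the APs sharing the PMK are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed, locally administered MAC addresses (not from the original post).
AP1 = bytes.fromhex("020000000001")
AP2 = bytes.fromhex("020000000002")
STA = bytes.fromhex("0200000000aa")

def pmkid(pmk, aa, spa):
    """PMKID = first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA)."""
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]

class AP:
    def __init__(self, bssid):
        self.bssid, self.pmksa = bssid, {}        # pmksa maps PMKID -> PMK

    def store(self, pmk, spa):
        self.pmksa[pmkid(pmk, self.bssid, spa)] = pmk

    def knows(self, offered):
        return offered in self.pmksa

class Station:
    def __init__(self, mac):
        self.mac, self.cache, self.last_pmk = mac, {}, None

    def roam(self, ap, peers=(), okc=False):
        pmk = self.cache.get(ap.bssid)
        if pmk is None and okc:
            pmk = self.last_pmk                   # OKC: reuse latest PMK with the new BSSID
        if pmk is not None and ap.knows(pmkid(pmk, ap.bssid, self.mac)):
            self.cache[ap.bssid] = self.last_pmk = pmk
            return "cached"                       # straight to the 4-way handshake
        pmk = os.urandom(32)                      # stands in for the PMK from full EAP-TTLS
        ap.store(pmk, self.mac)
        for peer in (peers if okc else ()):
            peer.store(pmk, self.mac)             # assumption: OKC APs share the PMK
        self.cache[ap.bssid] = self.last_pmk = pmk
        return "full-eap"

def run(okc):
    """Roam AP1 -> AP1 -> AP2 -> AP1 and report how each association completed."""
    ap1, ap2 = AP(AP1), AP(AP2)
    sta = Station(STA)
    return [sta.roam(ap, [ap1, ap2], okc) for ap in (ap1, ap1, ap2, ap1)]

if __name__ == "__main__":
    print("no OKC:", run(False))
    print("OKC:   ", run(True))
```

Because the authenticator address is an input to the PMKID, the same PMK yields a different PMKID at each BSSID, so an AP can only honor a PMKID for a PMK it already holds.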

