pmkid in association request
Jouni Malinen
j
Tue Dec 23 00:23:30 PST 2008
On Mon, Dec 22, 2008 at 07:16:48PM +0530, Paresh Sawant wrote:
> I have 2 linksys access points (WRT54GL), both belong to same ssid,
> wpa_supplicant successfully manages to associate using eap-ttls with both
> APS, but I notice while reassociating with either of the APs, even though
> the association request carries valid PMKID in RSN IE, AP chooses to do
> complete EAP-TTLS instead of skipping PMKSA. But it does NOT behave this way
> when I have only one AP running, it honors the pmkid carried in the
> association request and skips the PMKSA jumping directly to PTKSA.
Just to make sure I understood your test scenario:
AP1 -> AP1 uses PMKSA caching
AP1 -> AP2 does not (as expected, since AP2 did not yet know PMK)
did you try AP1 -> AP2 -> AP1 (the second reassociation could use PMKSA
caching)
If you want to get the first reassociation to use PMKSA caching, you
would also need to enable RSN pre-authentication (or opportunistic key
caching if the APs support that).
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list