avoid EAP REQUEST ID
Gong Cheng
chengg11
Tue Mar 4 10:47:13 PST 2008
Hi Fernando,
It is true that the EAP Request/Identity (message 1 in your post) is initiated by Hostapd (the authenticator), but from the 2nd message on, the conversation is really between the supplicant and an RADIUS server. Particularly, the EAP Response/Identity message will be encapsulated by hostapd as a RADIUS Access Request message and serves as an indication to RADIUS server that there is an incoming authentication request. Without that message, RADIUS server wouldn't know it needs to send any challenge back, nor would it know whom this challenge is about without an Identity information first.
I don't think there is any easy way to make this happen. Unless you hack hostapd to always fake a EAP Id response to RADIUS server based on the incoming MAC (needs to translate that internally), but that doesn't look pretty. :)
-gong
Date: Mon, 03 Mar 2008 18:33:56 +0100
From: "fbernal at um.es" <fbernal at um.es>
Subject: avoid EAP REQUEST ID
To: hostap at lists.shmoo.com
Message-ID: <20080303183356.99hzc0new4gww0so at webmail.atica.um.es>
Content-Type: text/plain; charset=ISO-8859-1; DelSp="Yes";
format="flowed"
Hi all,
I'm working with HOSTAP and I want to avoid the sending of the EAP
REQUEST ID message and to start directly with the first message of a
EAP METHOD. See the following example to clarify.
message interchange in the EAP MD5 method.
1) A-> P: eap request/id
2) P->A: eap response/id
3) A->P: eap-md5 request
4) P->A: eap-md5 response
5) A->P: eap success
The idea is remove messages 1 and 2 when the mobile node attaches to
the access point.
So, my ask is: what's the part in the hostap's code that must be
modified to avoid the initial eap request/id?
Thank you very much,
Fernando.
More information about the Hostap
mailing list