Held State after a Authentication Fail. Help to understand this state.

Jouni Malinen j
Tue May 13 17:34:10 PDT 2008

On Tue, May 13, 2008 at 05:20:06PM -0300, Douglas Diniz wrote:

> But if when hostap receive the first response identity, send it to radius
> server and wait for server response before receive the second response
> identity? This second response identity will also be sent to radius server?
> Sorry for this questions, I should search this myself on the state machine.

Authenticator (hostapd) is waiting for a single EAP Identifier in a
response (the one that matches the Identifier used in the last
transmitted EAP Request). If the sequence here would indeed make hostapd
wait for the response from the authentication server before receiving
the second response identity, the challenge received from the
authentication server would have already been sent out to the supplicant
when the second identity response is received. Consequently, the second
identity response would not have a match EAP Identifier and it would be
dropped, i.e., it would not be sent to the authentication server.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list