Does hostapd support EAP-AKA fast re-authentication?
Mon Aug 30 01:16:56 PDT 2010
I'm trying to do some EAP-AKA authentication test with radius server.
I'm using the following testbed. Strongswan-4.3.6 is used as the EAP-AKA
peer and server. Hostapd-0.6.10 is used as the radius server.
Radius server / HLR_Auc
H1 --------- NUT1 ===================== NUT2
peer EAP-AKA server
Tunnel IPsec is configured between NUT1 and NUT2 to protect traffic between
H1 and H2.
During the test, I launched ping from H1 to H2, then NUT1 is authenticated
by Radius server with EAP-AKA, and IPSec SAs are negotiated. Then I
terminate the connection on NUT1 and launched ping again to make a second
authentication. Since the milenage implementation in charon and in hostapd
are different, so I modified one of them (hostapd) a little to yield the
The question is that, always full authentication is performed. I looked into
the code it seems that hostapd could process FAST RE-AUTHENTICATION, but
always a new "sm" structure is allocated, and a full authentication is
Do I miss something ?
Thanks for any reply.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Hostap