EAP-TLS - Authentication succeeds with incorrect "private_key_passwd"

Christ Schlacta aarcane
Thu Oct 7 12:03:10 PDT 2010


  An inability to break a working config is hardly a bug.  PMKSA should 
never flush unless it's failed, and flushing any sooner, or forcing 
re-authentication sooner is wasteful of bandwidth and other resources.  
This should be classified as a feature, not as a bug.

On 10/7/2010 11:59 AM, saurav barik wrote:
> Yes, logoff followed by logon also skips reauth. I tried forcing a
> reauth using eapol_sm_request_reauth() in "logon" path. Still it does
> not reauth. I am wondering whether it should be considered as a
> known-issue in wpa_supplicant or is this behavior acceptable. I
> believe wpa_supplicant should reauthenticate if there is a change in
> EAP-TLS related config. Should I flush PMKSA caching in logon path as
> well? Is there any command-line config option (from wpa_cli) for it?
>
> Please advise.
>
> Thanks,
> Saurav
>
> On Tue, Oct 5, 2010 at 11:58 PM, Jouni Malinen <j at w1.fi> wrote:
>> On Tue, Oct 05, 2010 at 06:40:59PM +0530, saurav barik wrote:
>>> Is there any way to trigger a forced reauthentication from a running
>>> wpa_supplicant? wpa_cli config options do not have it.
>> When using IEEE 802.1X/EAP, logoff followed by logon would do this without
>> reassociation and reassociate will do this in all security modes
>> (though, PMKSA caching may be used to skip EAP authentication in that
>> case).
>>
>> --
>> Jouni Malinen                                            PGP id EFC895FA
>> _______________________________________________
>> HostAP mailing list
>> HostAP at lists.shmoo.com
>> http://lists.shmoo.com/mailman/listinfo/hostap
>>



