Jouni Malinen j
Fri Sep 24 22:51:23 PDT 2010

On Thu, Sep 23, 2010 at 10:08:00AM +0100, Panagiotis Georgopoulos wrote:

> Thanks for your reply Jouni. So, would the client, when connects to Access
> Point 2 just try to do key negotiation? 

Assuming WPA2/RSN is used here.. If the client already has a PMKSA with
the AP, it could try to use just 4-way handshake to get a new key (PTK).

> It seems to me that fast_reauth is a setting that hostapd should have had,
> so that if an AP has seen a client a few minutes ago to just do key
> negotiation instead of asking for his identity to do a full reauth with a
> backend AAA server. 

That's not what fast_reauth is for. PMKSA caching is a functionality
defined in IEEE 802.11 and it is always enabled in hostapd when WPA2/RSN
is used. It is up to the client to indicate that it has the key (PMK)
when associating. If hostapd has a matching PMKSA, only 4-way handshake
is used and there won't be any communication with the backend AAA

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list