About eap-aka test with hostapd
Wed Mar 16 03:14:10 PDT 2011
On Tue, Feb 22, 2011 at 01:28:32AM +0000, ? ? wrote:
> the first step of send identity to server, but in eap_aka_determine_identity() of hostapd, I used the permanent identity with '0' prefix.
> it would said permanent user name not know, and will send identity request to peer again.
> I found the return value of eap_sim_db_identity_known() is -1 forever if permanent identity used. I don't know why?
The EAP-AKA server implementation in hostapd follows the recommendations
of RFC 4187 chapters 188.8.131.52 and 4.1.4 to use the EAP-AKA specific
identity request. Consequently, the identity from EAP-Response/Identity
is ignored and EAP-Request/AKA-Identity is used to request the identity
for EAP-AKA purposes.
> And what the meaning of 'before_identity'? I found the value is set 0 when process identity response from peer again.
This is used to handle the initial enforcement of the EAP-AKA identity
Jouni Malinen PGP id EFC895FA
More information about the Hostap