About eap-aka test with hostapd
Jouni Malinen
j
Wed Mar 16 03:14:10 PDT 2011
On Tue, Feb 22, 2011 at 01:28:32AM +0000, ? ? wrote:
> the first step of send identity to server, but in eap_aka_determine_identity() of hostapd, I used the permanent identity with '0' prefix.
> it would said permanent user name not know, and will send identity request to peer again.
> I found the return value of eap_sim_db_identity_known() is -1 forever if permanent identity used. I don't know why?
The EAP-AKA server implementation in hostapd follows the recommendations
of RFC 4187 chapters 4.1.2.2 and 4.1.4 to use the EAP-AKA specific
identity request. Consequently, the identity from EAP-Response/Identity
is ignored and EAP-Request/AKA-Identity is used to request the identity
for EAP-AKA purposes.
> And what the meaning of 'before_identity'? I found the value is set 0 when process identity response from peer again.
This is used to handle the initial enforcement of the EAP-AKA identity
exchange.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list