About eap-aka test with hostapd

Jouni Malinen j
Wed Mar 16 03:14:10 PDT 2011

On Tue, Feb 22, 2011 at 01:28:32AM +0000, ? ? wrote:
> the first step of send identity to server, but in eap_aka_determine_identity() of hostapd, I used the permanent identity with '0' prefix.
> it would said permanent user name not know, and will send identity request to peer again.
> I found the return value of eap_sim_db_identity_known() is -1 forever if permanent identity used. I don't know why?

The EAP-AKA server implementation in hostapd follows the recommendations
of RFC 4187 chapters and 4.1.4 to use the EAP-AKA specific
identity request. Consequently, the identity from EAP-Response/Identity
is ignored and EAP-Request/AKA-Identity is used to request the identity
for EAP-AKA purposes.

> And what the meaning of 'before_identity'? I found the value is set 0 when process identity response from peer again.

This is used to handle the initial enforcement of the EAP-AKA identity

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list