Modifying EAP-Response/Identity

Jouni Malinen j
Sun Aug 2 11:16:53 PDT 2015


On Thu, Jul 23, 2015 at 12:34:41PM +0000, Pereida Garcia Cesar wrote:
> I am using the eapol_test tool for developing a new EAP method. I've read through the documentation but I can't find an answer to my issue.
> 
> Is it possible to modify the identity (I need to concatenate a string) of the configuration file before replying to the EAP-Request/Identity? If so, when/which method should be used to modify before sending the EAP-Response/Identity?

You might be able to do that with the get_identity() callback function
to the EAP method. This is normally used for overriding the identity
string for reauthentication purposes, but it looks like this gets called
even for the initial use of an EAP method.

> Another quick question, after an EAP-Failure is received from the server, are the state machines maintained for a period of time?

That depends on configuration and whether you enable support for
reauthentication. eapol_test exits immediately in normal case (use -r
command line argument to request multiple rounds). With wpa_supplicant,
state machines for EAP data can be maintained for the duration of the
connection, but that is mainly (only?) for success case. With
EAP-Failure, the EAPOL state machines might last longer in wired IEEE
802.1X cases. Though, EAP state machine may get removed immediately on
failure.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the Hostap mailing list