[PATCH] Rework the Acct-Session-Id and Acct-Multi-Session-Id implementation to give better global and temporal uniqueness.

Nick Lowe nick.lowe at lugatech.com
Sat Feb 6 03:05:53 PST 2016


Just to note that this patch should be considered in conjunction with
the subsequent, dependent patch that adds an Acct-Session-Id to
Accounting-On and Accounting-Off, which the RFC mandates must be
present.

The RADIUS RFC shows its age and does not demand global and temporal
uniqueness for its session ids but this is something that can and
should be done by RADIUS clients as these are opaque tokens. There is
no reason not to do this, and there are many reasons why this should
be done.

RFC 3580 is also in error in its suggested construction for the
Acct-Multi-Session-Id as it is possible to get duplicate values when
NTP sync has not occurred. Its recommendation should not be followed
as it is bad practice.

Nick



More information about the Hostap mailing list