eapol_test and MSCHAPv2 691 - Retry allowed

Stefan Winter stefan.winter at restena.lu
Fri Mar 18 00:21:25 PDT 2016 

Hello,

here's a little feature request: when using eapol_test and talking to a
PEAP/MSCHAPv2 server without knowing the account password, usually the
conversation ends in Access-Reject immediately.

However, some servers send E=691 Retry Allowed back and wait for the
client side to send another password.

In these situations, eapol_test just sits there until ^C or timeout.
Sure: it has no other password to try, and there is no protocol message
for "Thanks for allowing, but I don't want to".

Question: would it be possible to bail out of the conversation instead
of waiting for timeout? I could imagine either
* eapol_test quitting with a matching error message
* eapol_test sending TLS close back, tearing down the EAP session in a
way that the server knows about it, too

The latter has the advantage of not leaving a "dangling" session on the
server as it waits for a response.

Greetings,

Stefan Winter

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x8A39DC66.asc
Type: application/pgp-keys
Size: 3227 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20160318/42f60448/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x8A39DC66.asc
Type: application/pgp-keys
Size: 3226 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20160318/42f60448/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20160318/42f60448/attachment.sig>

More information about the Hostap mailing list