Does hostapd support EAP-AKA fast re-authentication?
dennis dang
dennis.dang1130
Mon Aug 30 01:16:56 PDT 2010
Hi All,
I'm trying to do some EAP-AKA authentication test with radius server.
I'm using the following testbed. Strongswan-4.3.6 is used as the EAP-AKA
peer and server. Hostapd-0.6.10 is used as the radius server.
Testbed:
Radius server / HLR_Auc
|
|
|
H1 --------- NUT1 ===================== NUT2
--------- H2
EAP-AKA
peer EAP-AKA server
Tunnel IPsec is configured between NUT1 and NUT2 to protect traffic between
H1 and H2.
During the test, I launched ping from H1 to H2, then NUT1 is authenticated
by Radius server with EAP-AKA, and IPSec SAs are negotiated. Then I
terminate the connection on NUT1 and launched ping again to make a second
authentication. Since the milenage implementation in charon and in hostapd
are different, so I modified one of them (hostapd) a little to yield the
"quintuplets"..
The question is that, always full authentication is performed. I looked into
the code it seems that hostapd could process FAST RE-AUTHENTICATION, but
always a new "sm" structure is allocated, and a full authentication is
performed.
Do I miss something ?
Thanks for any reply.
Regards,
Dennis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20100830/0453e01d/attachment.htm
More information about the Hostap
mailing list