Shriram Jandhyala sjandhyala at paloaltonetworks.com
Wed Jan 17 15:37:00 PST 2018

The RFC says that challenges in the tunneled layer are allowed in TTLS-PAP.

But the code comments seem to indicate otherwise. From eap_peer/eap_ttls.c:
  /* EAP-TTLS/{MSCHAP,PAP,CHAP} should not send any TLS tunneled
    * requests to the supplicant */

Does wpa_supplicant support PAP challenges over TTLS-PAP?
If yes, how do I detect this? If no, is there a plan to add support for this?


| -----Original Message-----
| From: Shriram Jandhyala
| Sent: Thursday, January 11, 2018 7:52 PM
| To: 'hostap at lists.infradead.org' <hostap at lists.infradead.org>
| Subject: EAP-TTLS with PAP
| Hi,
| I'm trying to use EAP-TTLS with PAP to authenticate to an RSA server.
| When the RSA server issues a user challenge to change PIN, I do not see this
| request, and the auth times out.
| When I connect to the same server using PEAP-GTC, I get the
| eap_param_needed() with fld=WPA_CTRL_REQ_EAP_OTP, and
| txt="message from server".
| Does the wpa_supplicant support inner challenges over EAP-TTLS? And, if it
| does, how do I detect this?
| Thanks.
| Shriram

More information about the Hostap mailing list