>>>>> "Linus" == Linus Nordberg <email address hidden> writes:
Linus> Sounds like a libradsec issue. Is that correct? Out of
Linus> curiosity, can you elaborate on the comment about lacking an
Linus> EAP key in the success (RADIUS authn) case?
No.
This is the trust anchor between the EAP supplicant and EAP server.
So, if a RADIUS server returns a premature success indication before EAP
actually succeeds, the client will not have an EAP key.
Our state machine requires that for the next step.
So, we'd fail at that stage rather than having a mutual authentication
security problem.
--Sam