Comment 2 for bug 1438484

Sam Hartman (hartmans) wrote : Re: [Bug 1438484] Re: Incorrect trust anchor reported as radius authentication rejected

>>>>> "Linus" == Linus Nordberg <email address hidden> writes:

    Linus> Sounds like a libradsec issue. Is that correct? Out of
    Linus> curiosity, can you elaborate on the comment about lacking an
    Linus> EAP key in the success (RADIUS authn) case?

No.
This is the trust anchor between the EAP supplicant and EAP server.

So, if a RADIUS server returns a premature success indication before EAP
actually succeeds, the client will not have an EAP key.
Our state machine requires that for the next step.
So, we'd fail at that stage rather than having a mutual authentication
security problem.

--Sam