>>>>> "Rafa" == Rafa Marin Lopez <[email protected]> writes:


    Rafa> Personally, I would send a GSS token with the EAP Success and
    Rafa> the error code Authorization failed to the initiator. This
    Rafa> would allow the initiator to know that authentication was ok
    Rafa> but authorization failed. Thus, the initiator does not get
    Rafa> confused at all about what happened.

I'd just send the error.
EAP success doesn't actually allow you to know much of anything because
it's not integrity-protected from the EAP server.
You need to send it in success cases so the state machines are in sync.
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
