"Panagiotis Mavros" <[EMAIL PROTECTED]> wrote:
> we are proposing a lightweight WLAN roaming architecture. This means that we 
> implement a roaming architecture for a small community. The scenario is
> Client-->AP-->foreign server -->Home server and so on...
> All this is done using EAP-MD5 authentication  (only this authentication 
> scheme) and mysql for keeping user profiles.

  Read "raddb/eap.conf".  EAP-MD5 is not recommended for new
installations.  It's not secure.

> The idea is to minimize the length of packets in order to provide faster 
> roaming.

  Huh?  No wonder you're confused.

  The length of the packets makes ZERO difference for roaming.

  Read that again.  ZERO.  What you are trying to do is useless.

>  So what is proposed is to make some attributes have fixed length  
> : User-Name and Password.

  And as I explained already, there is NO PASSWORD attribute in the
packet when EAP-MD5 is being used.

> I must inform you that I don't know exactly the background of this
> "idea" but the description I give you is the description I got...

  Please go back to the person who gave you this requirement, and tell
them they're wrong.  Tell them they don't understand RADIUS.

>  believe that using fixed length usernames derives from the fact
> that a small community has few members so we don't need 253 octets
> for representing this field...

  I'm sorry, that statement is simply NONSENSE.  The "253 octets"
you're referring to is a maximum, NOT a requirement for every
attribute.  If you had spent 15 minutes reading the RFCs, you
would have realized this.

> So what I want is users to provide a 15 octet username and a 32 octet 
> password and radius server have the exact length in its packets for these 
> attributes.

  Then you will be requiring that the vast majority of packets are
LARGER than what they are now.  Yes, read that again: LARGER.

  If you want to know why, read the RFCs.

> I haven't searched yet about how EAP passes the password. I "know" the 
> procedure but I haven't read the RFCs yet...

  It is bad engineering practice to design a solution when you don't
understand the problem.

  Please go back to whoever gave you these requirements, and tell them
that the requirements are wrong.  Tell them they're wasting your time.

  Stop trying to "fix" a system you don't understand.

  Alan DeKok.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
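
An added example, not part of the original message or of FreeRADIUS: a Python sketch that encodes a RADIUS Access-Request answering an EAP-MD5 challenge, to show that attributes are Type/Length/Value with only as many octets as the value needs, and that the password never appears in the packet. The helper names and all sample values are constructed for illustration; State and NAS attributes are left out.

```python
import hashlib, hmac, struct

USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80  # RADIUS attribute types

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute: Type, Length (covers the 2 header octets), Value."""
    if not 1 <= len(value) <= 253:   # 253 is the maximum, not a fixed size
        raise ValueError("attribute value must be 1..253 octets")
    return bytes([attr_type, len(value) + 2]) + value

def eap_md5_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """EAP-Response/MD5-Challenge: carries a 16-octet hash, never the password."""
    digest = hashlib.md5(bytes([ident]) + password + challenge).digest()
    type_data = bytes([4, len(digest)]) + digest   # Type=4, Value-Size, Value
    return struct.pack("!BBH", 2, ident, 4 + len(type_data)) + type_data

def access_request(username: bytes, password: bytes, secret: bytes,
                   challenge: bytes, request_auth: bytes) -> bytes:
    """Build the Access-Request (code 1) with User-Name, EAP-Message and
    Message-Authenticator (HMAC-MD5 computed over the packet with that field zeroed)."""
    attrs = attr(USER_NAME, username) + attr(
        EAP_MESSAGE, eap_md5_response(1, password, challenge))
    zeroed = attrs + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    header = struct.pack("!BBH", 1, 1, 20 + len(zeroed)) + request_auth
    mac = hmac.new(secret, header + zeroed, hashlib.md5).digest()
    return header + attrs + attr(MESSAGE_AUTHENTICATOR, mac)

# Constructed sample values, not taken from any capture.
CHALLENGE, REQ_AUTH, SECRET = bytes(range(16)), bytes(16), b"testing123"
PASSWORD = b"s3cret-pass"

def variable_packet() -> bytes:
    """Username sent at its natural length (3 octets)."""
    return access_request(b"bob", PASSWORD, SECRET, CHALLENGE, REQ_AUTH)

def padded_packet() -> bytes:
    """The proposal from the thread: 15-octet username, 32-octet password."""
    return access_request(b"bob".ljust(15, b"\x00"), PASSWORD.ljust(32, b"\x00"),
                          SECRET, CHALLENGE, REQ_AUTH)

if __name__ == "__main__":
    print("variable-length:", len(variable_packet()), "octets")
    print("fixed-length:   ", len(padded_packet()), "octets")
```

Padding the username adds 12 octets to this packet, while padding the password changes nothing on the wire because only the 16-octet MD5 response is sent.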
