Random info: PEAP/SoH in fact *does* send traffic inside the tunnel on
session resumption - the spec has the SoH exchanged even when resumed,
adding a round trip, but it doesn't re-run the inner mschap auth. Weird.
The authentication state hasn't changed if the session can be
re-established. The authorisation state however, may have, which is why
the SoH is sent on every authentication attempt.
If you didn't send the SoH on resumption, the neat 'spot check' and
periodic re-checking that you can do using various triggers for
re-authentication would go away.
-Arran
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
