On 30.11.2016 18.02, Hartmaier Alexander wrote:
> Let me clarify our setup:
> EAPTLS_CertificateVerifyHook parses the cert issuer and subject and
> populates
> $context->{customer} = $customer;

[cut]

Thanks, this clarifies the situation. You need to save information
across resumed authentications.

> I assume that the PostAuthHook is also run for resumed sessions but
> EAPTLS_CertificateVerifyHook isn't which leads to the lack of the
> $context contents and thus the failure of the PostAuthHook.

Correct. Certificate verification runs only during full TLS handshake.
Handler's PostAuthHook runs always when Handler is finishing its work.
It does not matter if the TLS handshake within an AuthBy was full or
resumed.
I'll get back to you about how to save custom information across resumed
authentications. For more about what is saved now, see EAP.pm and
eap_save_resume_context and its counterpart just below. When thinking
about possible options, would a hook work for you? Another possibility might
be to automatically save suitably named context variables, for example
$context->{custom_info} would be automatically saved and restored.
The reason for this change was to allow the use of State attribute with
EAP authentication and more clearly separate information that is needed
during one EAP authentication dialog from information that needs to be
kept across resumed authentications.
Thanks,
Heikki
--
Heikki Vatiainen <[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
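
The behaviour discussed in this message, as an added Perl model that is not Radiator code and was not written by either poster: certificate verification runs only on a full TLS handshake, the post-authentication step runs every time, and only suitably named context keys survive resumption. The resume cache, the `@PERSIST` list, the hook stand-ins and the issuer string are constructed assumptions; real Radiator hook signatures are not reproduced.

```perl
#!/usr/bin/perl
# Added illustration: a self-contained model, NOT Radiator code or its API.
use strict;
use warnings;

my %resume_cache;                 # TLS session id -> fields saved for resumption
my @PERSIST = ('custom_info');    # keys copied across resumption (assumed policy)

# Stand-in for EAPTLS_CertificateVerifyHook: called on full handshakes only.
sub cert_verify_hook {
    my ($context, $issuer) = @_;
    my ($customer) = $issuer =~ /O=([^,\/]+)/;            # constructed parsing rule
    $context->{customer}    = $customer;                  # per-dialog, lost on resume
    $context->{custom_info} = { customer => $customer };  # persisted key
}

# Stand-in for PostAuthHook: runs after every authentication and fails closed
# when the customer was never established for this context.
sub post_auth_hook {
    my ($context, $key) = @_;
    my $customer = $key eq 'customer'
        ? $context->{customer}
        : ($context->{custom_info} // {})->{customer};
    return defined $customer ? "ACCEPT customer=$customer"
                             : 'REJECT no customer in context';
}

sub authenticate {
    my ($session_id, $issuer, $key) = @_;
    my $context = {};                                     # fresh per EAP dialog
    if (my $saved = $resume_cache{$session_id}) {
        # Resumed handshake: no certificate is sent, so the verify hook is skipped.
        $context->{$_} = $saved->{$_} for grep { exists $saved->{$_} } @PERSIST;
    } else {
        cert_verify_hook($context, $issuer);              # full handshake
        $resume_cache{$session_id} = { map { $_ => $context->{$_} } @PERSIST };
    }
    return post_auth_hook($context, $key);
}

my $issuer = 'C=AT, O=ExampleCustomer, CN=Example Issuing CA';   # constructed
for my $key ('customer', 'custom_info') {
    %resume_cache = ();
    print "reading \$context->{$key}\n";
    print "  full:    ", authenticate('sid-1', $issuer, $key), "\n";
    print "  resumed: ", authenticate('sid-1', $issuer, $key), "\n";
}
```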