On 12.12.2016 17.45, Hartmaier Alexander wrote:

please respond how to:


Hello Alex, I'll reply to your previous messages about these, but I'll add quick notes below. Sometimes time just flies, I'm sorry for the slow response.

- log auth vs. session resumption

- handle session resumption in PostAuthHooks

For these, you can currently check Net::SSLeay::session_reused($context->{ssl}); are you wrote before. I'll have an alternative too I have thought for this.

- if the last_reply_attrs don't include the attributes added by a
PostAuthHook

More about this in its own message. These attributes are from tunnelled EAP's inner authentication. If you need to add, for example, VLAN attributes with a Hook, we can see how to do that.

- usability of FarmSize with PEAP-TLS when enabling EAP_UseState

EAP_UseState does not change this. It's the TLS state that lives within the SSL library that ties one TLS based EAP authentication session to one instance making it problematic with FarmSize (multiple instances).

Thanks,
Heikki

--
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
_______________________________________________
radiator mailing list
radiator@lists.open.com.au
http://lists.open.com.au/mailman/listinfo/radiator

Reply via email to