Re: [Emu] EAP and Transport Protocol

2019-04-01 Thread Michael Richardson

Alan DeKok wrote:
>> being fairly new to the EAP world, I noticed that in some environments,
>> EAP is layered on top of other protocols - in particular RADIUS and
>> DIAMETER.

> EAP was originally over PPP.  Now it's mostly RADIUS.  There may be
> increasing use in the Diameter space.

I would say it differently, because radius and PPP are not equivalent.

EAP was originally over-PPP connected to over-Radius.
EAP is now more commonly over-802.1x connected over-Radius.
With Diameter replacing Radius in some environments.
EAP is "end-to-end" supplicant to Authentication Server.

(I know you (Alan) know this, but others might not)

> For TTLS, it can be:

> * Ethernet
> * IP
> * UDP
> * RADIUS
> * EAP
> * EAP-TTLS
> *  TLS
> *  EAP
> *  EAP-MSCHAPv2
> *  MSCHAPv2 credentials

> Yes, it's complicated.

:-)

> Open Source implementations of EAP are few and far between.  On the
> server side, it's only hostap and FreeRADIUS.  On the client side, it's
> hostap.

> There used to be "xsupplicant" and "open1x" on the client side, but
> those have been dead for 10 years.


>> In particular, the use of the

> Early truncation?

lack of fragmentation :-)

--
]   Never tell me the odds! | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works|IoT architect   [
] m...@sandelman.ca  http://www.sandelman.ca/|   ruby on rails[


--
Michael Richardson, Sandelman Software Works
 -= IPv6 IoT consulting =-





___
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu


Re: [Emu] EAP and Transport Protocol

2019-04-01 Thread Alan DeKok
On Mar 8, 2019, at 5:51 PM, Dr. Pala wrote:
> 
> being fairly new to the EAP world, I noticed that in some environments, EAP is 
> layered on top of other protocols - in particular RADIUS and DIAMETER.

  EAP was originally over PPP.  Now it's mostly RADIUS.  There may be 
increasing use in the Diameter space.

> I guess that in some environments this makes sense because of accounting 
> purposes across operators, however this makes the protocol stack quite 
> complicated.

  For TTLS, it can be:

* Ethernet
* IP
* UDP
* RADIUS
* EAP
* EAP-TTLS
*  TLS
*  EAP
*  EAP-MSCHAPv2
*  MSCHAPv2 credentials

  Yes, it's complicated.

> In particular, I was working on the definition of a PAM module to provide SSH 
> credentials delegation and I wanted to use EAP - however, I could not find an 
> implementation of EAP-over-TLS that could be easily used.

  hostap.  It has both client and server implementations of most EAP types.  
See also "eapol_test" for an example of integrating it into a simple 
application.

  There's really no other choice.

  Open Source implementations of EAP are few and far between.  On the server 
side, it's only hostap and FreeRADIUS.  On the client side, it's hostap.

  There used to be "xsupplicant" and "open1x" on the client side, but those 
have been dead for 10 years.

> In particular, the use of the 

  Early truncation?

  Alan DeKok.
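
The nesting listed in the message above (RADIUS, EAP, EAP-TTLS, TLS), as an added example that is not part of the original thread or of any project mentioned in it: a bounds-checked parser that reassembles an EAP packet split across RADIUS EAP-Message attributes and decodes the EAP-TTLS flags. The sample packet is constructed for illustration and omits the Message-Authenticator attribute a real Access-Request would carry; the inner EAP-MSCHAPv2 layers are inside the TLS tunnel and are not decoded.

```python
import struct

EAP_MESSAGE = 79      # RADIUS attribute type that carries EAP (RFC 3579)
EAP_TYPE_TTLS = 21    # EAP method type of EAP-TTLS (RFC 5281)

def radius_eap(packet: bytes) -> bytes:
    """Concatenate every EAP-Message attribute of one RADIUS packet."""
    if len(packet) < 20:                    # code + id + length + authenticator
        raise ValueError("short RADIUS packet")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length")
    eap, pos = b"", 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        if atype == EAP_MESSAGE:            # one EAP packet may span several
            eap += packet[pos + 2:pos + alen]
        pos += alen
    return eap

def parse_eap_ttls(eap: bytes) -> dict:
    """Decode the EAP header, the EAP-TTLS flags and the first TLS byte."""
    if len(eap) < 6:
        raise ValueError("short EAP packet")
    code, ident, length, etype, flags = struct.unpack("!BBHBB", eap[:6])
    if length != len(eap):
        raise ValueError("EAP length does not match reassembled data")
    if etype != EAP_TYPE_TTLS:
        raise ValueError("not EAP-TTLS")
    body, total = eap[6:], None
    if flags & 0x80:                        # L bit: 4-byte TLS message length
        if len(body) < 4:
            raise ValueError("missing TLS message length")
        total, body = struct.unpack("!I", body[:4])[0], body[4:]
    return {"eap_code": code, "more_fragments": bool(flags & 0x40),
            "start": bool(flags & 0x20), "version": flags & 0x07,
            "tls_total_len": total, "tls_content_type": body[0] if body else None}

def build_sample() -> bytes:
    """Constructed Access-Request; its EAP packet needs two attributes."""
    tls = b"\x16\x03\x03" + struct.pack("!H", 300) + b"\x00" * 300  # dummy record
    ttls = bytes([0x80]) + struct.pack("!I", len(tls)) + tls
    eap = struct.pack("!BBHB", 2, 7, 5 + len(ttls), EAP_TYPE_TTLS) + ttls
    chunks = [eap[i:i + 253] for i in range(0, len(eap), 253)]
    attrs = b"".join(bytes([EAP_MESSAGE, len(c) + 2]) + c for c in chunks)
    return struct.pack("!BBH", 1, 7, 20 + len(attrs)) + b"\x00" * 16 + attrs
```
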



[Emu] EAP and Transport Protocol

2019-04-01 Thread Dr. Pala

Hi EMU-ers,

being fairly new to the EAP world, I noticed that in some environments, 
EAP is layered on top of other protocols - in particular RADIUS and 
DIAMETER. I guess that in some environments this makes sense because of 
accounting purposes across operators, however this makes the protocol 
stack quite complicated.


In particular, I was working on the definition of a PAM module to 
provide SSH credentials delegation and I wanted to use EAP - however, I 
could not find an implementation of EAP-over-TLS that could be easily 
used. In particular, the use of the


--
Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director