Hi,
I'm implementing an EAP method, named EAP-PSK, under
FreeRADIUS (See
http://perso.rd.francetelecom.fr/bersani/EAP_PSK/EAP-PSK.htm
for more details about this new EAP method).
I would like to implement EAP request reemission when
a bad response has been received in order to reduce
simple DoS
};
- In the eap_types.h file, modify the PW_EAP_MAX_TYPES
constant to 255.
I agree that this solution is not optimal, e.g. we
have to declare 255 EAP-Types in order to use only the
EAP-Type 255 :-( But it works :-)
Aurelien Magniez
Yahoo! Mail : votre e-mail
};
- In the eap_types.h file, modify the PW_EAP_MAX_TYPES
constant to 255.
I agree that this solution is not optimal, e.g. we
must declare 255 EAP-Types in order to use only the
EAP-Type 255 :-( But it works ;-)
Aurelien Magniez
Yahoo! Mail : votre e-mail personnel
Hi Alan,
Your patch is nice, but it still doesn't let us
use EAP-Type of 255,
unless you add more code supporting it.
Until there's code to use the experimental
EAP-Type, there isn't any
reason to add this patch.
Alan DeKok.
I just forgot to precise that this patch should be
Sending this e-mail in behalf of Florent Bersani:
Hi Alan,
Aurelien forwarded me your remark on the identity
attribute format. Many
thanks for taking the time to read it and giving some
feedback.
The main difference between EAP-SIM (as well as
EAP-PSK) and EAP-TTLS
attribute format (as
.
Doing that implies the EAP method will have to guess
the value of the EAP Identifier field of the next EAP
Request packet ?
Aurelien Magniez
Yahoo! Mail : votre e-mail personnel et gratuit qui vous suit partout !
Créez votre Yahoo! Mail sur http
Hi Alan,
Many thanks for your remark, I have transfered it to
the EAP-PSK design team and they should come back to
you by tomorrow after having studied the TTLS design
you suggest.
However, when you say If you want to convince people
to use your system, re-using existing code design is
Hi,
I'm writing an EAP method for FreeRADIUS and I tested
some error cases last week in order to understand the
FreeRADIUS behavior. I'm asking oneself some questions
about it:
1) When the client doesn't respond, the AP will
dissassociate it 30 seconds after and end the
authentication procedure.
Hi,
I also wrote a C++ module under FreeRadius. Look at
this page :
http://lists.cistron.nl/archives/freeradius-devel/2004/04/msg1.html
Aurélien Magniez
Yahoo! Mail : votre e-mail personnel et gratuit qui vous suit partout !
Créez votre Yahoo! Mail
Hi,
In short, this mail is about EAP methods
accessing/using the EAP identifier field.
In details, after reading the Packet modification
attacks paragraph in the RFC 2284bis (It is
RECOMMENDED that methods providing integrity
protection of EAP packets include coverage of all the
EAP header
attributes) ?
- And is there a function which add/modify a user ?
Or Have I to do that by using a sql script for example
?
Many thanks in advance,
Aurelien Magniez
Yahoo! Mail : votre e-mail personnel et gratuit qui vous suit partout !
Créez votre Yahoo! Mail
Perhaps, Is it possible to use the function that the
server calls in order to check if a user is valid ?
Thanks in advance
Aurelien Magniez
--- Alan DeKok [EMAIL PROTECTED] a écrit :
=?iso-8859-1?q?Aurelien=20Magniez?=
[EMAIL PROTECTED] wrote:
- Is there a function which allows to check
Sorry to bother you with this problem :-(
I'll delete this round trip in the EAP method.
Aurelien Magniez
Yahoo! Mail : votre e-mail personnel et gratuit qui vous suit partout !
Créez votre Yahoo! Mail sur http://fr.benefits.yahoo.com/
Dialoguez en direct
Hi,
I'm working on an EAP method. This method includes a
round trip for the identity of the peer (I).
This identity (I) may be different from the identity
given in the EAP Identity request.
So, I would like to check in the users file (or in my
sql table) if the identity (I) is valid for this
I have installed the latest snapshot. I added
rlm_eap_tst in the Makefile.in in the /src/main
directory and re-install radius.
when i launch radius : i have the following message
:
(i added tst{} in radiusd.conf)
Module: Loaded eap
eap: default_eap_type = md5
eap: timer_expire = 60
15 matches
Mail list logo