Hello Andreas,

thanks for taking the time to explain your analysis in that detail.

Andreas Steffen wrote:
> - What I can offer towards increased user friendliness is to
>   differentiate between the server error messages:
> - On the EAP client the error message remains
> 
>   carol charon: 14[IKE] server requested EAP_MSCHAPV2 authentication
>   carol charon: 14[IKE] EAP method not supported, sending EAP_NAK

That sounds good to me. You might think I'm fussy but I suggest a small 
change: I would like the message to be

"server requested EAP method %N"

instead of

"server requested %N authentication"

This makes it easier for the not-so-well-informed user to associate this 
message with the next one ("EAP method not supported, sending EAP_NAK"). 
The common term would be "EAP method". The administrator might not know 
that "EAP_MSCHAPV2 authentication" is an EAP method.

I would be perfectly happy if the last message was:

DBG1(DBG_IKE, "EAP method %N not supported, sending EAP_NAK", 
eap_type_names, type);

I imagine an administrator searching the web for "EAP method 
EAP_MSCHAPV2 not supported, sending EAP_NAK". The result of this search 
quickly takes him to a posting on the mailing list, telling him to 
--enable-eap-mschapv2 and --enable-md4.

Best regards
  Daniel