(RADIATOR) EAP-FAST support added

Mike McCauley mikem at open.com.au
Mon Sep 3 18:44:46 CDT 2007

Hello all,

some of you may be interested to know that the latest Radiator 3.17.1 patch 
set adds support for EAP-FAST.

EAP-FAST is an EAP authentication protocol invented by Cisco and documented in
RFC 4851 and draft-cam-winget-eap-fast-provisioning-04. It is similar to TTLS
and PEAP, in that it establishes a TLS tunnel over Radius, and through the
tunnel, inner EAP authentication protocols (such as EAP-MSCHAPV2 or EAP-GTC)
can be used to authenticate the user. In contrast to TTLS and PEAP, there is a
mechanism for establishing and distributing Protected Access Credentials
(PACs) from a Radius server to 802.1X supplicants. These PACS are basically
reusable keys to allow EAP-FAST sessions to be reestablished securely.

Radiator 3.17.1+patches supports EAP-FAST, but in order to do so, it requires
a number of recently added features in OpenSSL and Net-SSLeay. The changes to 
OpenSSL were developed by Jouni Malinen as part of the wpa_supplicant 

These patches are provided, along with detailed instructions about how to 
apply them and configure Radiator to use EAP-FAST. It is expectd that future 
releases of OpenSSL and Net-SSLeay will work with Radiator EAP-FAST without 

   EAP-FAST has been tested against the following supplicants:
   Juniper Odyssey Acccess Client Manager 4.60.49455.0
   Cisco Secure Services Client
   wpa_supplicant 0.6.0

Feedback direct to me please.


Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.

Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list