[RADIATOR] random EAP authentication errors since 4.17

Heikki Vatiainen hvn at open.com.au
Thu Apr 20 08:26:31 UTC 2017


On 24.1.2017 14.58, Hartmaier Alexander wrote:
> On 2017-01-24 12:57, Heikki Vatiainen wrote:

>> I think we'll need to think about an interface for this. This
>> discussion has been useful to understanding the custom use cases, so
>> rather than moving it, I' say it's better to provide a documented call
>> or similar to do this.

> That would be great! Can you name a timeframe how soon you would have a
> patch for us to decide if we implement the current solution or wait for
> the documented one?

Getting back to this: The current Radiator 4.17 patch set includes 
eaptls_resume_post_auth_hook.pl in goodies that shows how to customise 
authentication results. What the sample hook shows should be more simple 
and better way to do what we discussed earlier. It also does away the 
need to know about how internals that could change in the future.

The example shows how to work with non-resumed and resumed TLS sessions. 
There's no need to call any of the Net::SSLeay methods since the context 
now has the necessary information about how and if the resumption was done.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, 
NetWare etc.


More information about the radiator mailing list