Josh Howlett wrote: > It normally tunnels inside other methods. OK. I'll hack the code to force that to be true.
> Sure, but do the FreeRADIUS PEAP and TTLS implementation support running > an EAP method for AuthN followed immediately by EAP-TNC within the same > tunnel? Nope. It shouldn't be too hard to add, though. > The difficulty that I saw when I looked at the code, IIRC, is that > FreeRADIUS re-uses the same functions (and therefore the same > assumptions of what is permitted and what isn't) for the 'outer' EAP > session as it does for the 'inner' session. That doesn't matter, really. The TTLS/PEAP modules can be hacked again. "If first tunneled method returned Access-Accept, run another tunneled method..." > That's not a requirement, but a likely deployment scenario. EAP-TNC has > no transport security, and depends on the transport layer for > confidentiality, etc. Ok. I'll hack the code to force that to be true. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html