Jason Wittlin-Cohen wrote: > When authenticating via PEAP or TTLS with an anonymous identity, the log > shows both the anonymous identity and the real identity tunneled through > the TLS tunnel. However, when TLS session resumption (caching) is > enabled, only the anonymous identity is logged. This is presumably due > to the fact that the user is not actually sending the real ID and > password through the tunnel; rather the saved session is being used. > However, being that the tunneled username is still available, and > obtained from the cache, it should be available to log. Is this the > intended behavior?
The server hasn't been updated to log the cached user name. > It would seem that logging authentication attempts > would be more useful if the real username was provided in addition to > the anonymous identity. Yes. As always, patches are welcome. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html