Andreas Hartmann wrote: > well, I thought about the problem with reauth: Why must there be passwords > in the session?
There shouldn't be passwords in the session. There should be a *name* in the session. > That's why it shouldn't be necessary to have these Keys in the Session or > in the response (the client didn't send any password, too). > > At the moment of adding the Password to the session, the handshake has been > done already. I have no idea why you think it's adding passwords to the session. It's not. > Therefore, I did the following change (-> for testing only!!!! > This should be used only with EAP/tls for testing - no warranty!): That change removes the fix added in 2.1.8. It *will* break your system. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html