Alan DeKok schrieb: > Andreas Hartmann wrote: >> well, I thought about the problem with reauth: Why must there be passwords >> in the session? > > There shouldn't be passwords in the session. There should be a *name* > in the session. > >> That's why it shouldn't be necessary to have these Keys in the Session or >> in the response (the client didn't send any password, too). >> >> At the moment of adding the Password to the session, the handshake has been >> done already. > > I have no idea why you think it's adding passwords to the session. > It's not.
I derived it from the PW_ prefix of the variable name, which is wrong. I know it meanwhile. >> Therefore, I did the following change (-> for testing only!!!! >> This should be used only with EAP/tls for testing - no warranty!): > > That change removes the fix added in 2.1.8. It *will* break your system. I know that it was added because of another reported bug. And I know, that my test-change can't be a solution (as I wrote myself). The problem seems to be much deeper. Kind regards, Andreas - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html