On Thu, Feb 24, 2005 at 01:53:20PM -0500, James Carlson wrote:
> That said, I see the point now, and, no, there's no option that
> currently does that. You'll need to add one or, better yet, make pppd
> just do that by default when EAP TLS client side is configured.
I resolved with this code in auth.c , link_established():
if(need_peer_eap && !ao->neg_eap) {
warn("eap required to authenticate us but no suitable secrets");
lcp_close(unit, "couldn't negotiate eap");
status = EXIT_AUTH_TOPEER_FAILED;
return;
}
if (need_peer_eap && !ho->neg_eap){
warn("peer doesn't want to authenticate us with eap");
lcp_close(unit, "couldn't negotiate eap");
status = EXIT_PEER_AUTH_FAILED;
return;
}
So if the need_peer_eap option is used the eap authentication can't
be skipped.
I don't use LCP Configure-Nak because, as you noticed, if the peer
doesn't ask eap, probably won't accept the suggestion.
Hi.
-
To unsubscribe from this list: send the line "unsubscribe linux-ppp" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
