Re: EAP MSK: how is it transported between server and authenticator

2008-10-10 Thread Richard Chan
Simul-posting - tks! - I think that answers my question on what goes on in real deployments today. I have a couple of quibbles though: "You don't give the MSK to the NAS, that would defeat the entire point - MSK is private between the radius server and EAP client, and is used to derive further ke

Re: EAP MSK: how is it transported between server and authenticator

2008-10-10 Thread Richard Chan
Let me rephrase my question in another way (hopefully clearer): NAS acting as EAP pass-thru' device USER -- NAS --- FREERADIUS +++EAP+==EAP over RADIUS== () EAP over RADIUS uses EAP-Message attribute. After EAP completes we hav

Re: EAP MSK: how is it transported between server and authenticator

2008-10-10 Thread Richard Chan
> > EAP-Message would be the obvious candidate. > > > I don't think this can be correct: EAP-Message is used between NAS and FreeRadius to encapsulate the EAP protocol between client and server. The NAS couldn't tell that a particular EAP-Message should terminate at itself in order to extract an

Re: EAP MSK: how is it transported between server and authenticator

2008-10-10 Thread Richard Chan
On Fri, Oct 10, 2008 at 4:31 PM, Alan DeKok <[EMAIL PROTECTED]> wrote: > Richard Chan wrote: > > After an EAP authentication which supports key derivation (MSK) > > how does freeradius transport the MSK to an NAS(authenticator)? I.e., > > what kind of attribute is us

EAP MSK: how is it transported between server and authenticator

2008-10-09 Thread Richard Chan
Hi all, After an EAP authentication which supports key derivation (MSK) how does freeradius transport the MSK to an NAS(authenticator)? I.e., what kind of attribute is used? (I am assuming that the EAP Server (freeradius) is a separate entity to the NAS; NAS talks to freeradius using RADIUS and ac