Hi,
Is free radius compliant to RFC 4186? In particular, with respect to section
10.9 which says,
The EAP server MUST obtain fresh RANDs for each EAP-SIM full
authentication exchange. More specifically, the server MUST consider
RANDs it included in AT_RAND to be consumed if the server receives an
EAP-Response/SIM/Challenge packet with a valid AT_MAC, or an
EAP-Response/SIM/Client-Error with the code "insufficient number of
challenges" or "RANDs are not fresh". However, in other cases (if
the server does not receive a response to its
EAP-Request/SIM/Challenge packet, or if the server receives a
response other than the cases listed above), the server does not need
to consider the RANDs to be consumed, and the server
MAY re-use the
RANDs in the AT_RAND attribute of the next full authentication
attempt.
If compliant, how to configure it to generate fresh RANDs?
Thanks,
Sateesh
Forgot the famous last words? Access your message archive online at
http://in.messenger.yahoo.com/webmessengerpromo.php
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html