hostapd - what "eap_authenticator" option actually is for?
fromkth+hostap at fastmail.fm
Thu Mar 17 06:50:13 EST 2005
Jouni Malinen wrote:
> On Wed, Mar 16, 2005 at 11:16:50AM +0100, Ajeet Nankani wrote:
>>Atleast for me it was little bit confusing also in the begning, this
>>eap_authenticator and then using this integrated eap_authenticator as a
>>radius for other APs in DS.
>>To make it more clear, I suggest Jouni to make a separate section in
>>hostapd.conf file for this integrated radius server and name the section
>>as INTEGRATED RADIUS SERVER, in which we move following options.
> Moving these (and eap_user_file) into a separate section sounds
> reasonable, but "integrated radius server" is not a correct name for it.
> This configuration is for (integrated) EAP authenticator, not RADIUS
> server. The RADIUS server can also use this EAP authenticator, but these
> fields are generic to the EAP authenticator which can be used both
> without RADIUS and with RADIUS.
>>and if possible rename eap_authenticator as "integrated_radius_server"
> I do not agree with this change, eap_authenticator is used to enable EAP
> authentication that can be used as an intergrated authentication
> server (without RADIUS) and/or EAP authenticator for a RADIUS server
> that other devices can use. In other words, this option does not enable
> RADIUS server (but it is needed for the RADIUS server).
I understand that it does not enable RADIUS server, but it does enable
minimal RADIUS like functionality in authenticator, or to keep it
simple(to hide which part in AP enables this functionality) we can say
that this option enables very minimal RADIUS AS in AP, in that case its
name should reelect what it does. See my comments below to support name
My understanding is that Authenticator is an element in AP which relays
EAP packets from STA to AS(whether Co Located or external). But this
Authenticator is enabled automatically when 802.1x is enabled, hence
eap_authenticator option has nothing to do with enabling of AP
authenticator itself, but name "eap_authenticator" of this option
Am i right here?
So we should use a name which reflects what it does, May be the name i
suggested before is not a good candidate, but we can find some other
suitable name. What about "co_located_minimal_RADIUS_AS"
More information about the HostAP