pmkid in association request

Paresh Sawant paresh.sawant at gmail.com
Fri Dec 26 23:49:07 EST 2008


my goal is to simulate the roaming environment. So I'm just changing the
ssid name and not turning off the power.

But I guess as you pointed out, even the change of ssid may be flushing the
pmksa cache.

Any better ideas to simulate roaming?

On Sat, Dec 27, 2008 at 12:03 AM, Jouni Malinen <j at w1.fi> wrote:

> On Tue, Dec 23, 2008 at 02:09:58PM +0530, Paresh Sawant wrote:
>
> > 2.2>I start AP2(ssid = "linksis-wpa2-ttls"), and after AP2 is up and
> > running, I stop AP1. wpa_supp receives "media connect" for AP2, and it
> > performs RSNA with AP2 successfully.
> >
> > 2.3> I start AP1 again (without any change in configuration), and after
> AP1
> > is up and running, I stop AP2. wpa_supp receives "media connect" for AP1,
> > and it performs RSNA with AP1 successfully.
> >
> > Conclusion: I see an issue in <2.3>, since AP1 does not honor the pmkid
> in
> > association request, it performs the full EAP again. Since wpa_supp sends
> > correct PMKID in association, I was expecting AP1 to directly jump to
> PTKSA,
> > but it does not happen that way.
>
> How exactly did you "stop AP1"? If you just power cycled it, the PMKSA
> cache was cleared and the AP won't recognize the PMKID anymore. This is
> expected behavior. PMKs are unlikely to be cached in non-volatile
> memory (and really shouldn't be from security view point).
>
> --
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20081227/71fb1653/attachment.htm 


More information about the HostAP mailing list