About eap-aka test with hostapd

Jouni Malinen j at w1.fi
Wed Mar 16 06:14:10 EDT 2011


On Tue, Feb 22, 2011 at 01:28:32AM +0000, 彦 张 wrote:
> the first step of send identity to server, but in eap_aka_determine_identity() of hostapd, I used the permanent identity with '0' prefix.
> it would said permanent user name not know, and will send identity request to peer again.
> I found the return value of eap_sim_db_identity_known() is -1 forever if permanent identity used. I don't know why?

The EAP-AKA server implementation in hostapd follows the recommendations
of RFC 4187 chapters 4.1.2.2 and 4.1.4 to use the EAP-AKA specific
identity request. Consequently, the identity from EAP-Response/Identity
is ignored and EAP-Request/AKA-Identity is used to request the identity
for EAP-AKA purposes.

> And what the meaning of 'before_identity'? I found the value is set 0 when process identity response from peer again.

This is used to handle the initial enforcement of the EAP-AKA identity
exchange.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list