Radius DAS won't work

Jouni Malinen j at w1.fi
Thu Feb 20 08:04:59 EST 2014


On Thu, Feb 20, 2014 at 10:43:29AM +0100, Robert Plestenjak wrote:
> PMKSA cache may not be acting properly. After it receives disconnect-message, connection is broken but then it accepts client by authenticating it with data from cache.

> Hostapd should probably ignore cached identity data in case of disconnect-message?

Agreed. PMKSA cache entry should have been removed when processing
Disconnect-Request. This is now implemented in the development tree. By
the way, there is also support for NAS identification attributes, so it
should be fine to include NAS-IP-Address as well.
 
-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list