On Mar 8, 2019, at 5:51 PM, Dr. Pala <direc...@openca.org> wrote:
>
> being fairly new to the EAP world, I noticed that in some environments, EAP is
> layered on top of other protocols - in particular RADIUS and DIAMETER.

EAP was originally over PPP. Now it's mostly RADIUS. There may be increasing use in the Diameter space.

> I guess that in some environments this makes sense because of accounting
> purposes across operators, however this makes the protocol stack quite
> complicated.

For TTLS, it can be:

* Ethernet
* IP
* UDP
* RADIUS
* EAP
* EAP-TTLS
* TLS
* EAP
* EAP-MSCHAPv2
* MSCHAPv2 credentials

Yes, it's complicated.

> In particular, I was working on the definition of a PAM module to provide SSH
> credentials delegation and I wanted to use EAP - however, I could not find an
> implementation of EAP-over-TLS that could be easily used.

hostap. It has both client and server implementations of most EAP types. See also "eapol_test" for an example of integrating it into a simple application.

There's really no other choice. Open Source implementations of EAP are few and far between. On the server side, it's only hostap and FreeRADIUS. On the client side, it's hostap.

There used to be "xsupplicant" and "open1x" on the client side, but those have been dead for 10 years.

> In particular, the use of the

Early truncation?

Alan DeKok.

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
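Added example, not part of the original message and not code from hostap or FreeRADIUS: a bounds-checked Python parser that peels the RADIUS, EAP and EAP-TTLS layers of the stack listed above. The function names and the sample packet are constructed for illustration; the sample omits the Message-Authenticator attribute that RFC 3579 requires alongside EAP-Message, and the parser does not verify it.

```python
import struct

EAP_MESSAGE = 79          # RADIUS attribute carrying EAP (RFC 3579)
EAP_TYPE_TTLS = 21        # EAP-TTLS method type (RFC 5281)
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def radius_attributes(packet):
    """Yield (type, value) for each attribute, validating every length."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("RADIUS length field does not fit the datagram")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("attribute length out of bounds")
        yield atype, packet[pos + 2:pos + alen]
        pos += alen

def unwrap_eap(packet):
    """Peel RADIUS -> EAP -> EAP-TTLS and return the fields of each layer."""
    # One EAP packet may be split over several EAP-Message attributes.
    eap = b"".join(v for t, v in radius_attributes(packet) if t == EAP_MESSAGE)
    if len(eap) < 4:
        raise ValueError("no complete EAP header in EAP-Message attributes")
    code, ident, length = struct.unpack("!BBH", eap[:4])
    if length < 4 or length > len(eap):
        raise ValueError("EAP length field does not match the attribute data")
    out = {"eap_code": EAP_CODES.get(code, code), "eap_id": ident}
    if code in (1, 2) and length >= 5:
        out["eap_type"] = eap[4]
        if eap[4] == EAP_TYPE_TTLS and length >= 6:
            flags = eap[5]                      # L=0x80, M=0x40, S=0x20
            out["ttls_start"] = bool(flags & 0x20)
            out["ttls_more_fragments"] = bool(flags & 0x40)
            # With L set, a 4-byte TLS message length precedes the data.
            out["tls_data"] = eap[10:length] if flags & 0x80 else eap[6:length]
    return out

def build_sample():
    """Constructed sample: Access-Request with one EAP-Response/TTLS."""
    tls = b"\x16\x03\x03\x00\x00"  # constructed placeholder for TLS bytes
    eap = struct.pack("!BBHBB", 2, 7, 6 + len(tls), EAP_TYPE_TTLS, 0x00) + tls
    attrs = bytes([1, 6]) + b"anon" + bytes([EAP_MESSAGE, 2 + len(eap)]) + eap
    return struct.pack("!BBH", 1, 42, 20 + len(attrs)) + bytes(16) + attrs
```

The inner layers (TLS, then the tunnelled EAP-MSCHAPv2) are encrypted on the wire, so a passive parser stops at `tls_data`.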