You should store the following attributes against the key
`&Next-Paeudonym-Id`:
-- `&session-State:Permanent-Identity`::The permanent identity of the user.
+- `&session-state.Permanent-Identity`::The permanent identity of the user.
If a failure rcode is returned authentication continues but the
Next-Pseudonym-Id will not be sent to the supplicant.
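Review bot: The key name on the unchanged line just above the edited bullet is still spelled `&Next-Paeudonym-Id`, while the sentence after the bullet uses `Next-Pseudonym-Id`. Since this change already touches the adjacent line, correct the spelling here, and in the commented copy of the same text further down the patch, so the documented key is consistent throughout.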
You should restore the contents of the following attributes using
`&Next-Pseudonym-Id` as a key:
-- `&session-State:Permanent-Identity`::The permanent identity of the user.
+- `&session-state.Permanent-Identity`::The permanent identity of the user.
NOTE: If you're using 3GPP style encrypted pseudonyms, you should
decrypt the pseudonym here, and store the decrypted value in
- `&session-state.Counter`:: How many times this session has
been resumed.
- `&session-state.Session-Data`:: The master session key.
-- `&session-State:Permanent-Identity`::(optionally) the permanent
+- `&session-state.Permanent-Identity`::(optionally) the permanent
identity of the user.
If a failure rcode is returned, authentication continues but the
- `&session-state.Counter`:: How many times this session has
been resumed.
- `&session-state.Session-Data`:: The master session key.
-- `&session-State:Permanent-Identity`::(optionally) the permanent
+- `&session-state.Permanent-Identity`::(optionally) the permanent
identity of the user.
The following rcodes have special meanings in this section:
#
# ### EAP-SIM
#
- # Triplets can be provided using control attributes:
- #
- # * `&control.EAP-SIM-KC`
- # * `&control.EAP-SIM-RAND`
- # * `&control.EAP-SIM-SRES`
- #
- # NOTE: Three instances of each attribute must be provided.
- #
- # Alternatively triplets can be generated locally using
- # control attributes:
- #
- # * `&control.SIM-Ki`
- # * `&control.SIM-OPc`
- # * `&control.SIM-Algo-Version` (optional - see defaults below)
- #
- # UMTS Milenage inputs (AMF, SQN) are ignored.
- #
- # `&control.SIM-Algo-Version` selects the SIM algorithm used,
- # it must match the algorithm used by the SIM.
- #
- # Accepted values for `SIM-Algo-Version` are:
- #
- # * `Comp128v1`
- # * `Comp128v2`
- # * `Comp128v3` (default if no &control.SIM-OPc)
- # * `Comp128v4` (default if &control.SIM-OPc is available)
- #
- # NOTE: In general operators will not provide the Ki (subscriber
- # key) for their `SIM cards`, as the Ki is considered highly
- # sensitive.
- #
- # Local triplet generation is intended for testing and
- # research purposes where programmable or virtual SIM cards
- # are in use.
- #
sim {
#
# virtual_server:: EAP-SIM virtual server containing policy
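Review bot: The removed EAP-SIM comment block takes out more than list syntax: it deletes the visible description of `&control.SIM-Ki`, `&control.SIM-OPc` and `&control.SIM-Algo-Version`, together with the notes that the Ki is considered highly sensitive and that local triplet generation is intended for testing and research. If this documentation has moved, say where in the commit message or leave a one-line pointer above `sim {`. If the control attributes are still accepted, keep at least the Ki sensitivity note next to them.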
# copy the outer session-state list to the final reply.
#
update {
- &outer.session-state: += &reply
+ &outer.session-state. += &reply
}
}
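Review bot: In the `update` block the new line reads `&outer.session-state. += &reply`, with a trailing dot and nothing after it, which looks like a mechanical `:` to `.` substitution rather than an intended list reference. Elsewhere in this patch the dot separates the list from an attribute name (`&session-state.Permanent-Identity`). For a whole-list copy, please confirm the parser accepts a bare trailing dot, or write the list name without it, and cover this policy with a test so the session-state copy to the outer request does not silently stop working.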
#
# protected_success = no
- #
- # virtual_server:: Same as for `TTLS`, `PEAP`, etc.
- #
-# virtual_server = ""
-
# request_identity:: Send a AKA-Identity message to request
# an additional identity to the one from the EAP-Identity-Response.
#
# ephemeral_id_length:: The length of any pseudonyms or
# fastauth identities we generate (not including hint byte).
#
- # See sites-available/eap-aka-sim for details on how to trigger
- # the generation of pseudonym or fastauth identities.
- #
# ephemeral_id_length = 14
#
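Review bot: The three removed lines under `ephemeral_id_length` were the pointer to `sites-available/eap-aka-sim` for how generation of pseudonym or fastauth identities is triggered, and the remaining text for the option gives no hint of that. This removal is unrelated to the `session-state` syntax change. Either keep the pointer (updated if the file has moved) or split the deletion into its own commit with a stated reason.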
# You should store the following attributes against the key
# `&Next-Paeudonym-Id`:
#
- # - `&session-State:Permanent-Identity`::The permanent identity of the user.
+ # - `&session-state.Permanent-Identity`::The permanent identity of the user.
#
# If a failure rcode is returned authentication continues but the
# Next-Pseudonym-Id will not be sent to the supplicant.
# You should restore the contents of the following attributes using
# `&Next-Pseudonym-Id` as a key:
#
- # - `&session-State:Permanent-Identity`::The permanent identity of the user.
+ # - `&session-state.Permanent-Identity`::The permanent identity of the user.
#
# NOTE: If you're using 3GPP style encrypted pseudonyms, you should
# decrypt the pseudonym here, and store the decrypted value in
# - `&session-state.Counter`:: How many times this session has
# been resumed.
# - `&session-state.Session-Data`:: The master session key.
- # - `&session-State:Permanent-Identity`::(optionally) the permanent
+ # - `&session-state.Permanent-Identity`::(optionally) the permanent
# identity of the user.
#
# If a failure rcode is returned, authentication continues but the
# - `&session-state.Counter`:: How many times this session has
# been resumed.
# - `&session-state.Session-Data`:: The master session key.
- # - `&session-State:Permanent-Identity`::(optionally) the permanent
+ # - `&session-state.Permanent-Identity`::(optionally) the permanent
# identity of the user.
#
# The following rcodes have special meanings in this section:
* certificate chain.
*
* @note As a byproduct of validation, various OIDs will be extracted from the
- * certificates, and inserted into the session-state: list as fr_pair_t.
+ * certificates, and inserted into the session-state. list as fr_pair_t.
*
* @param ok preverify ok. 1 if true, 0 if false.
* @param x509_ctx containing certs to verify.
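Review bot: In the `@note`, `session-state:` was prose naming a list, and the replacement `session-state. list` now reads as a sentence break in the middle of the note. Drop the punctuation ("inserted into the session-state list") or quote the list name, and check any other comments touched by the same search-and-replace for the same effect.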