Name
EAP-Message
Synopsis
|
Attribute Number |
79 |
|
Length |
3 or more octets |
|
Value |
STRING |
|
Allowed in |
Access-Accept, Access-Reject, Access-Challenge, Access-Request |
|
Prohibited in |
Accounting-Request, Accounting-Response |
|
Presence in Packet |
Not required |
|
Maximum Iterations |
Unlimited in Access-Request and Access-Challenge packets;1 in Access-Accept and Access-Reject packets |
This attribute serves as the method by which EAP messages are
transmitted within a RADIUS packet. The RADIUS client machine places
all of the messages received from the client into individual
EAP-Message attributes and wraps them into a
standard Access-Request packet. The RADIUS server
then returns EAP messages in Access-Challenge,
Access-Accept, and
Access-Reject messages.
The Message-Authenticator attribute (detailed a
bit later in this chapter) is required to be present if this
attribute is used; this is to protect the integrity of RADIUS over
EAP to the same degree that EAP affords transactional integrity on
its side of the link. The Message-Authenticator
must be used to protect all Access-Request,
Access-Challenge,
Access-Accept, and
Access-Reject messages which hold one or
more
EAP-Message attributes.
Get RADIUS now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
