Name
EAP-Message
Synopsis
Attribute Number | 79
Length | 3 or more octets
Value | STRING
Allowed in | Access-Accept, Access-Reject, Access-Challenge, Access-Request
Prohibited in | Accounting-Request, Accounting-Response
Presence in Packet | Not required
Maximum Iterations | Unlimited in Access-Request and Access-Challenge packets; 1 in Access-Accept and Access-Reject packets
This attribute serves as the method by which EAP messages are transmitted within a RADIUS packet. The RADIUS client machine places all of the messages received from the client into individual EAP-Message attributes and wraps them into a standard Access-Request packet. The RADIUS server then returns EAP messages in Access-Challenge, Access-Accept, and Access-Reject messages.

The Message-Authenticator attribute (detailed a bit later in this chapter) is required to be present if this attribute is used; this is to protect the integrity of RADIUS over EAP to the same degree that EAP affords transactional integrity on its side of the link. The Message-Authenticator must be used to protect all Access-Request, Access-Challenge, Access-Accept, and Access-Reject messages which hold one or more EAP-Message attributes.
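
As an added example (not code from the book), the following sketch shows how a receiver can enforce the rule above for an Access-Request: it reassembles the EAP-Message attributes and rejects the packet unless exactly one valid Message-Authenticator (attribute 80) is present. The HMAC-MD5 computation over the packet with the Message-Authenticator value zeroed follows RFC 3579; the function names, shared secret, and sample packet are constructed for illustration.

```python
import hashlib, hmac, os, struct

EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 79, 80  # RADIUS attribute numbers

def parse_attributes(packet):
    """Yield (type, value_offset, value) for each attribute after the 20-octet header."""
    if len(packet) < 20:
        raise ValueError("short packet")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length")
    pos = 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        alen = packet[pos + 1]
        yield packet[pos], pos + 2, packet[pos + 2:pos + alen]
        pos += alen

def verify_access_request(packet, secret):
    """Return the reassembled EAP packet; raise ValueError if the rule is violated."""
    attrs = list(parse_attributes(packet))
    # An EAP packet larger than one attribute is split across consecutive EAP-Messages.
    eap = b"".join(v for t, _, v in attrs if t == EAP_MESSAGE)
    auth = [(off, v) for t, off, v in attrs if t == MESSAGE_AUTHENTICATOR]
    if not eap:
        return b""  # no EAP-Message: the rule discussed here does not apply
    if len(auth) != 1 or len(auth[0][1]) != 16:
        raise ValueError("EAP-Message present without a Message-Authenticator")
    off, received = auth[0]
    length = struct.unpack("!H", packet[2:4])[0]
    # HMAC-MD5 keyed with the shared secret, computed with the 16-octet value zeroed.
    zeroed = packet[:off] + bytes(16) + packet[off + 16:length]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    if not hmac.compare_digest(expected, received):  # constant-time comparison
        raise ValueError("Message-Authenticator mismatch")
    return eap

def build_access_request(secret, eap, ident=1):
    """Constructed sample: split EAP into 253-octet EAP-Message attributes and sign."""
    body = b"".join(bytes([EAP_MESSAGE, 2 + len(eap[i:i + 253])]) + eap[i:i + 253]
                    for i in range(0, len(eap), 253))
    body += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)  # placeholder, zeroed
    pkt = struct.pack("!BBH", 1, ident, 20 + len(body)) + os.urandom(16) + body
    return pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()
```

For Access-Challenge, Access-Accept, and Access-Reject the same check applies, except that the HMAC input uses the Request Authenticator from the corresponding Access-Request in place of the response's own Authenticator field.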