diff options
| author | Michael Brown | 2024-02-23 15:15:22 +0100 |
|---|---|---|
| committer | Michael Brown | 2024-02-23 17:37:07 +0100 |
| commit | 43e385091a36af34e495ac8c6595bddab55665bb (patch) | |
| tree | ac7aa27b06906a47859cb8cfd078a7744a2765bf /src/config/general.h | |
| parent | [eap] Allow MD5-Challenge authentication method to be disabled (diff) | |
| download | ipxe-43e385091a36af34e495ac8c6595bddab55665bb.tar.gz ipxe-43e385091a36af34e495ac8c6595bddab55665bb.tar.xz ipxe-43e385091a36af34e495ac8c6595bddab55665bb.zip | |
[eap] Add support for the MS-CHAPv2 authentication method
Add support for EAP-MSCHAPv2 (note that this is not the same as
PEAP-MSCHAPv2), controllable via the build configuration option
EAP_METHOD_MSCHAPV2 in config/general.h.
Our model for EAP does not encompass mutual authentication: we will
starting sending plaintext packets (e.g. DHCP requests) over the link
even before EAP completes, and our only use for an EAP success is to
mark the link as unblocked.
We therefore ignore the content of the EAP-MSCHAPv2 success request
(containing the MS-CHAPv2 authenticator response) and just send back
an EAP-MSCHAPv2 success response, so that the EAP authenticator will
complete the process and send through the real EAP success packet
(which will, in turn, cause us to unblock the link).
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/config/general.h')
| -rw-r--r-- | src/config/general.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/config/general.h b/src/config/general.h index de009a87..c9cdb3dd 100644 --- a/src/config/general.h +++ b/src/config/general.h @@ -96,6 +96,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); * */ #define EAP_METHOD_MD5 /* MD5-Challenge port authentication */ +//#define EAP_METHOD_MSCHAPV2 /* MS-CHAPv2 port authentication */ /* * Name resolution modules |