Wednesday, July 7, 2010

EAP

1. Extensible Authentication Protocol (EAP), RFC 3748

    1.1 EAP defines an authentication framework, not an authentication method: the framework carries whichever EAP method (authentication algorithm) the two ends negotiate.

    1.2 EAP does not require a reliable lower layer (it does rely on the lower layer to preserve packet order), so it handles retransmission and duplicate detection itself. It is a lock-step protocol: the authenticator sends one Request and waits for the matching Response, so only one packet is in flight at any time. That is inefficient, and RFC 3748 states that EAP is not suited for bulk data transfer.

    1.3 EAP multiplexing model (RFC 3748 section 2.2)

        1.3.1 Lower layer.  The lower layer is responsible for transmitting and receiving EAP frames between the peer and authenticator.

        1.3.2 EAP layer.  The EAP layer receives and transmits EAP packets via the lower layer, implements duplicate detection and retransmission, and delivers and receives EAP messages to and from the EAP peer and authenticator layers.

        1.3.3 EAP peer and authenticator layers.  Based on the Code field, the EAP layer demultiplexes incoming EAP packets to the EAP peer and authenticator layers.

        1.3.4 EAP method layers.  EAP methods implement the authentication algorithms and receive and transmit EAP messages via the EAP peer and authenticator layers.

    1.4 EAP has exactly four packet types, distinguished by the Code field: Request (1), Response (2), Success (3), Failure (4). Request and Response carry a Type octet plus Type-Data; Success and Failure are just the 4-octet header (Code, Identifier, Length). The Identifier of a Response must match the outstanding Request, and a retransmitted Request keeps the same Identifier, which is how duplicates are detected.
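As an added example (not code from the original post or from the RFC), here is a small Python implementation of the EAP packet format and of the lock-step Identifier rules described in 1.2 and 1.4: a builder, a strict parser, and an authenticator that keeps at most one Request outstanding, retransmits it unchanged on timeout, and silently discards Responses whose Identifier does not match. The names `build_eap`, `parse_eap`, `Authenticator` and `identity_exchange` and the sample identity `alice@example.com` are my own; the peer side is modelled as a plain function.

```python
import struct

# EAP Codes (RFC 3748 section 4) and two EAP Types from section 5.
REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4
TYPE_IDENTITY, TYPE_NAK = 1, 3


def build_eap(code, identifier, eap_type=None, type_data=b""):
    """Serialise one EAP packet: Code | Identifier | Length | [Type | Type-Data].
    Success and Failure carry only the 4-octet header."""
    if code in (SUCCESS, FAILURE):
        body = b""
    else:
        if eap_type is None:
            raise ValueError("Request/Response need a Type octet")
        body = bytes([eap_type]) + type_data
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def parse_eap(buf):
    """Parse an EAP packet into a dict; raise ValueError on anything malformed.
    Octets beyond Length are lower-layer padding and are ignored (RFC 3748 section 4)."""
    if len(buf) < 4:
        raise ValueError("shorter than the EAP header")
    code, identifier, length = struct.unpack("!BBH", buf[:4])
    if code not in (REQUEST, RESPONSE, SUCCESS, FAILURE):
        raise ValueError(f"unknown Code {code}")
    if length < 4 or length > len(buf):
        raise ValueError("Length field does not fit the buffer")
    body = buf[4:length]
    pkt = {"code": code, "id": identifier}
    if code in (REQUEST, RESPONSE):
        if not body:
            raise ValueError("Request/Response without a Type octet")
        pkt["type"], pkt["type_data"] = body[0], body[1:]
    elif body:
        raise ValueError("Success/Failure must have Length 4")
    return pkt


class Authenticator:
    """Lock-step authenticator layer: at most one Request outstanding, retransmitted
    on timeout with the same Identifier; a Response is accepted only if its
    Identifier matches that outstanding Request (RFC 3748 section 4.1)."""

    def __init__(self):
        self.ident = 0
        self.outstanding = None
        self.retransmits = 0

    def send_request(self, eap_type, type_data=b""):
        if self.outstanding is not None:
            raise RuntimeError("a Request is already in flight")
        self.ident = (self.ident + 1) & 0xFF
        self.outstanding = build_eap(REQUEST, self.ident, eap_type, type_data)
        return self.outstanding

    def on_timeout(self):
        self.retransmits += 1
        return self.outstanding          # same octets, same Identifier

    def receive(self, buf):
        pkt = parse_eap(buf)
        if pkt["code"] != RESPONSE or self.outstanding is None or pkt["id"] != self.ident:
            return None                  # stale, duplicate or unexpected: silently discarded
        self.outstanding = None
        return pkt


def identity_exchange(peer_identity=b"alice@example.com"):
    """Run Request/Identity -> Response/Identity -> Success, with the peer modelled
    inline, and show that a Response carrying a stale Identifier is dropped.
    Returns (identity reported by the peer, the EAP Success packet)."""
    auth = Authenticator()
    req = auth.send_request(TYPE_IDENTITY)                    # Identifier 1
    # Constructed stale Response (Identifier 0): must be ignored.
    stale = build_eap(RESPONSE, 0, TYPE_IDENTITY, b"mallory")
    assert auth.receive(stale) is None
    # The peer copies the Identifier from the Request into its Response.
    q = parse_eap(req)
    resp = build_eap(RESPONSE, q["id"], TYPE_IDENTITY, peer_identity)
    got = auth.receive(resp)
    success = build_eap(SUCCESS, q["id"])
    return got["type_data"], success
```

The Identifier check is the whole of EAP's duplicate detection: a Response that does not match the outstanding Request is dropped without any error being sent back, and the authenticator's retransmission is byte-for-byte the same packet.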

2. RADIUS Support For Extensible Authentication Protocol (EAP); RFC 3579

    2.1 In RADIUS/EAP, RADIUS is used to shuttle RADIUS-encapsulated EAP packets between the NAS and an authentication server. Two attributes are introduced for this: EAP-Message (79), which carries the EAP packet split into 253-octet pieces that the receiver concatenates in order, and Message-Authenticator (80), an HMAC-MD5 over the whole RADIUS packet keyed with the shared secret. RFC 3579 requires Message-Authenticator on every packet that contains EAP-Message, because the Access-Request Authenticator is a random value and gives the attributes no integrity protection; a NAS or server should silently discard EAP-carrying packets whose Message-Authenticator is missing or wrong.

    2.2 Example




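As an added example for 2.2 (not code from the original post, nor from any RADIUS implementation), here is the encapsulation in Python: an EAP packet is split into EAP-Message attributes inside an Access-Request, a Message-Authenticator is computed with the attribute value zeroed, and the receiving side verifies it before reassembling the EAP packet. The shared secret `testing123`, the Request Authenticator bytes, the identifier values and the sample EAP Response/Identity are all constructed for the example; `build_access_request`, `extract_eap`, `mac_ok` and `demo` are my own names.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
ATTR_USER_NAME, ATTR_EAP_MESSAGE, ATTR_MESSAGE_AUTHENTICATOR = 1, 79, 80
MAX_ATTR_VALUE = 253        # attribute Length is one octet and includes the 2-octet header


def attr(atype, value):
    """Serialise one RADIUS attribute: Type | Length | Value."""
    if len(value) > MAX_ATTR_VALUE:
        raise ValueError("attribute value longer than 253 octets")
    return bytes([atype, 2 + len(value)]) + value


def parse_attrs(body):
    """Yield (offset, type, value) for every attribute in the attribute region."""
    off = 0
    while off < len(body):
        if off + 2 > len(body):
            raise ValueError("truncated attribute header")
        atype, alen = body[off], body[off + 1]
        if alen < 2 or off + alen > len(body):
            raise ValueError("attribute Length does not fit the packet")
        yield off, atype, body[off + 2:off + alen]
        off += alen


def build_access_request(secret, identifier, request_authenticator, eap_packet, user_name):
    """Encapsulate one EAP packet in an Access-Request. The EAP packet is split
    across as many EAP-Message attributes as needed (RFC 3579 section 3.1) and a
    Message-Authenticator is appended, computed as HMAC-MD5 keyed with the shared
    secret over the whole packet with the attribute value zeroed (section 3.2)."""
    attrs = attr(ATTR_USER_NAME, user_name)
    for off in range(0, len(eap_packet), MAX_ATTR_VALUE):
        attrs += attr(ATTR_EAP_MESSAGE, eap_packet[off:off + MAX_ATTR_VALUE])
    attrs += attr(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))       # placeholder, filled below
    pkt = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    pkt += request_authenticator + attrs
    mac = hmac.new(secret, pkt, hashlib.md5).digest()
    return pkt[:-16] + mac               # the zeroed value is the last 16 octets


def extract_eap(secret, pkt):
    """Verify the Message-Authenticator of an Access-Request and return the EAP
    packet reassembled from its EAP-Message attributes. Any failure raises
    ValueError; RFC 3579 section 3.2 says such packets are silently discarded."""
    if len(pkt) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if code != ACCESS_REQUEST:
        raise ValueError("only Access-Request is handled here")
    if length < 20 or length > len(pkt):
        raise ValueError("bad RADIUS Length")
    pkt = pkt[:length]                   # octets past Length are padding (RFC 2865)
    eap, mac_off = b"", None
    for off, atype, value in parse_attrs(pkt[20:]):
        if atype == ATTR_EAP_MESSAGE:
            eap += value                 # concatenated in packet order
        elif atype == ATTR_MESSAGE_AUTHENTICATOR:
            if mac_off is not None or len(value) != 16:
                raise ValueError("malformed or repeated Message-Authenticator")
            mac_off = 20 + off + 2
    if mac_off is None:
        raise ValueError("EAP-Message without Message-Authenticator")
    zeroed = pkt[:mac_off] + bytes(16) + pkt[mac_off + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    if not hmac.compare_digest(expected, pkt[mac_off:mac_off + 16]):
        raise ValueError("Message-Authenticator mismatch: wrong secret or tampered packet")
    return eap


def mac_ok(secret, pkt):
    """True if extract_eap() accepts the packet."""
    try:
        extract_eap(secret, pkt)
        return True
    except ValueError:
        return False


def demo():
    """Round-trip a constructed EAP Response/Identity (Id 1, "alice@example.com")."""
    secret = b"testing123"               # constructed shared secret for the example
    eap = b"\x02\x01\x00\x16\x01alice@example.com"
    pkt = build_access_request(secret, 7, os.urandom(16), eap, b"alice@example.com")
    return extract_eap(secret, pkt) == eap
```

Two points worth noticing: the MAC is verified before any EAP-Message content is acted on, and `hmac.compare_digest` is used so that a wrong MAC fails in constant time. For Access-Accept/Reject/Challenge the same computation applies, except that the Request Authenticator from the matching Access-Request is used in place of the response's own Authenticator, which this example does not cover.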
3. The EAP-TLS Authentication Protocol; RFC 5216

    3.1 EAP-TLS (EAP Type 13) runs a TLS handshake inside EAP and so provides certificate-based mutual authentication and key derivation on top of the EAP framework: both sides present certificates, and the keys exported from the TLS session become the EAP key material. Because TLS handshake flights (certificate chains in particular) are far larger than one EAP packet, each EAP-TLS packet adds a Flags octet after the Type: L (0x80, a 4-octet TLS Message Length follows), M (0x40, more fragments), S (0x20, EAP-TLS Start). A non-final fragment is acknowledged with an empty EAP-TLS packet before the next one is sent, which is how the lock-step rule from 1.2 is kept.
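As an added example (my own code, not from the original post or from any EAP-TLS implementation), here is the fragmentation and ACK mechanism from 3.1 in Python: a TLS flight is cut into EAP-TLS fragments that fit a given EAP MTU, and a receiver reassembles them, acknowledging each non-final fragment and rejecting the cases a careful implementation must reject (reserved flag bits, a first fragment without L, more data than announced, a final fragment that leaves the message short). The MTU value, the 64 KiB cap on the announced length, and the names `fragment`, `Reassembler` and `run_exchange` are assumptions of this example; the sample TLS data is constructed bytes, not a real handshake.

```python
import struct

REQUEST, RESPONSE = 1, 2                    # EAP Codes
TYPE_EAP_TLS = 13                           # EAP Type for EAP-TLS
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20   # Length included, More fragments, Start
MAX_TLS_SIZE = 64 * 1024                    # cap on the announced length (assumption, not from the RFC)


def eap_tls_packet(code, identifier, flags, payload=b""):
    """Wrap one EAP-TLS fragment: Code | Id | Length | Type=13 | Flags | payload."""
    body = bytes([TYPE_EAP_TLS, flags]) + payload
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def fragment(tls_data, mtu):
    """Return [(flags, payload)] so that every EAP packet is at most `mtu` octets.
    First fragment: L|M plus the 4-octet TLS Message Length; middle: M; last: 0."""
    hdr = 6                                 # EAP header (4) + Type (1) + Flags (1)
    if mtu <= hdr + 4:
        raise ValueError("mtu too small for an EAP-TLS fragment")
    if hdr + len(tls_data) <= mtu:
        return [(0, tls_data)]              # fits unfragmented
    first, rest = mtu - hdr - 4, mtu - hdr
    out = [(FLAG_L | FLAG_M, struct.pack("!I", len(tls_data)) + tls_data[:first])]
    off = first
    while off < len(tls_data):
        chunk = tls_data[off:off + rest]
        off += len(chunk)
        out.append((FLAG_M if off < len(tls_data) else 0, chunk))
    return out


class Reassembler:
    """Receive side of one fragmented EAP-TLS message. receive() returns
    ("ack", packet) for a non-final fragment, ("done", tls_data) for the last
    one, or ("error", reason), after which the partial message is dropped."""

    def __init__(self):
        self.expected, self.buf = None, b""

    def receive(self, pkt):
        try:
            return self._consume(pkt)
        except ValueError as e:
            self.expected, self.buf = None, b""
            return ("error", str(e))

    def _consume(self, pkt):
        if len(pkt) < 6:
            raise ValueError("shorter than an EAP-TLS header")
        code, ident, length = struct.unpack("!BBH", pkt[:4])
        if length != len(pkt) or pkt[4] != TYPE_EAP_TLS:
            raise ValueError("not a well-formed EAP-TLS packet")
        flags, data = pkt[5], pkt[6:]
        if flags & 0x1F:
            raise ValueError("reserved flag bits set")
        if flags & FLAG_L:
            # Stricter than RFC 5216, which only requires L on the first fragment.
            if self.buf:
                raise ValueError("L flag on a non-initial fragment")
            if len(data) < 4:
                raise ValueError("L flag without a TLS Message Length field")
            self.expected = struct.unpack("!I", data[:4])[0]
            if self.expected > MAX_TLS_SIZE:
                raise ValueError("announced TLS Message Length too large")
            data = data[4:]
        elif self.expected is None and flags & FLAG_M:
            raise ValueError("first fragment lacks the L flag")
        self.buf += data
        if self.expected is not None and len(self.buf) > self.expected:
            raise ValueError("more data than announced")
        if flags & FLAG_M:
            # ACK: empty EAP-TLS packet in the opposite direction. A peer echoes the
            # Request Identifier; an authenticator picks a fresh one.
            ack_code = RESPONSE if code == REQUEST else REQUEST
            ack_id = ident if code == REQUEST else (ident + 1) & 0xFF
            return ("ack", eap_tls_packet(ack_code, ack_id, 0))
        if self.expected is not None and len(self.buf) != self.expected:
            raise ValueError("final fragment but message shorter than announced")
        done, self.buf, self.expected = self.buf, b"", None
        return ("done", done)


def run_exchange(tls_data, mtu):
    """Authenticator sends a TLS flight as EAP-TLS Requests; the peer ACKs each
    non-final fragment and the next Request uses Identifier+1.
    Returns (reassembled TLS data, number of Requests sent)."""
    peer, ident, sent = Reassembler(), 1, 0
    for flags, payload in fragment(tls_data, mtu):
        status, out = peer.receive(eap_tls_packet(REQUEST, ident, flags, payload))
        sent += 1
        if status == "error":
            raise ValueError(out)
        if status == "done":
            return out, sent
        assert out[0] == RESPONSE and out[1] == ident     # ACK echoes the Identifier
        ident = (ident + 1) & 0xFF
    raise ValueError("peer never saw a final fragment")
```

The announced-length checks are the security-relevant part: without the cap and the "more data than announced" test, a receiver that trusts the 4-octet TLS Message Length would preallocate or grow its buffer on the word of an unauthenticated peer, which is exactly the kind of memory-exhaustion bug EAP-TLS stacks have had to guard against.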

4. Basic case
