On Mon, Oct 26, 2015 at 07:09:39PM +0000, Natarajan, Saravana wrote: > On using the code of wpa_supplicant-2.4, with valid username and invalid password, > MS-Chapv2 process eap_mschapv2_process returns the error and in the function eap_mschapv2_failure on seeing the error Authentication failure retry is not happening. > Do you have any fix for this issue? Will it need to retry authentication? What need to be implemented here in TODO context. > > } else if (retry && data->prev_error == ERROR_AUTHENTICATION_FAILURE) { > /* TODO: could try to retry authentication, e.g, after having > * changed the username/password. In this case, EAP MS-CHAP-v2 > * Failure Response would not be sent here. */ > return NULL; > } What kind of use case are you thinking of here? A user re-entering the username and/or password again during the EAP authentication exchange? I'm not sure that I would be convinced of that being very helpful and sufficient justification for the added complexity since you could as well just run through the full EAP exchange after the new username/password becomes available. For a case that should not really happen that frequently, this would need good justification to work in extending this.. Currently, wpa_supplicant does have an implementation of the MSCHAPv2 password change operation which is somewhat similar code path, but for a different use case where that use case actually justified the additional complexity (needed to be able to change an expired password in some cases). -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap