PMK caching with Different Usernames?
Last Post: November 11, 2010:
-
Hi,
I connected my wireless station to the AP with PEAP; the username is xyz. I then connected the same wireless station, with the same security, to the same AP with username abc. Will PMK caching happen?
-
You mean, will PMK caching still work if you change the username of your station before roaming back? Why not? The PMKID, which is a hash of the PMK and the MACs of the station and AP, will still be the same. Or if you mean the username for authentication is changed, why not? The point of PMK caching is to skip the original authentication.
-
I meant: will PMK caching work, or will the EAP exchange happen again? Yes, the station is the same; I changed only the username, and the rest of the things are the same.
-
In theory, the PMK caching protocol and formula should work with the same client device but a different user. In actuality, I'm almost certain that AP/WLC coding ties a PMK to a user (if they don't, they definitely should), so it is highly unlikely that different users of the same device would share a PMK. The whole point of PMK caching is to accelerate roaming, not to accelerate an initial 802.1X/EAP exchange. New users should always have to perform a full 802.1X/EAP authentication. The PMK should not (and I suspect will not) be shared by multiple alternating users of the same device. There's no advantage to using the PMK for different users, and it would introduce a major security design flaw.
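Added example, not part of any post in the thread: the PMKID derivation from IEEE 802.11 (the first 128 bits of HMAC-SHA1 over "PMK Name", the AP MAC and the station MAC, keyed with the PMK) takes no username as input, so any per-user binding has to come from cache policy. The `PmksaCache` class is a hypothetical station-side cache written for this illustration, and the MAC addresses, PMK and identities are constructed sample values.

```python
import hashlib
import hmac


def mac_bytes(mac: str) -> bytes:
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    return raw


def pmkid(pmk: bytes, aa: str, spa: str) -> bytes:
    """PMKID = first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA)."""
    data = b"PMK Name" + mac_bytes(aa) + mac_bytes(spa)
    return hmac.new(pmk, data, hashlib.sha1).digest()[:16]


class PmksaCache:
    """Hypothetical station-side cache; each entry is bound to an EAP identity."""

    def __init__(self, spa: str):
        self.spa = spa
        self._entries = {}  # AP MAC -> (PMK, identity that authenticated)

    def store(self, aa: str, pmk: bytes, identity: str) -> bytes:
        self._entries[aa.lower()] = (pmk, identity)
        return pmkid(pmk, aa, self.spa)

    def pmkid_to_offer(self, aa: str, identity: str):
        """Return a PMKID for (re)association, or None to force full 802.1X/EAP."""
        entry = self._entries.get(aa.lower())
        if entry is None:
            return None
        pmk, owner = entry
        if not hmac.compare_digest(owner.encode(), identity.encode()):
            # Different user on the same device: drop the entry, do full EAP.
            del self._entries[aa.lower()]
            return None
        return pmkid(pmk, aa, self.spa)


if __name__ == "__main__":
    AP, STA = "02:00:00:00:00:01", "02:00:00:00:00:02"  # constructed MACs
    pmk = bytes(range(32))                               # constructed 256-bit PMK
    cache = PmksaCache(STA)
    print("PMKID after xyz authenticates:", cache.store(AP, pmk, "xyz").hex())
    print("offer as xyz:", cache.pmkid_to_offer(AP, "xyz").hex())
    print("offer as abc:", cache.pmkid_to_offer(AP, "abc"))  # None -> full EAP
```

Without the identity comparison in `pmkid_to_offer`, user abc would present the PMKID derived from user xyz's PMK, since the two MAC addresses have not changed.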