Updating dictionary.erx based on Juniper documentation

[freeradius.git] / doc / rlm_sim_triplets

diff --git a/doc/rlm_sim_triplets b/doc/rlm_sim_triplets
index 623b46c..4f47a1c 100644 (file)
--- a/doc/rlm_sim_triplets
+++ b/doc/rlm_sim_triplets
@@ -41,8 +41,8 @@ SIMTRIPLETS.DAT:
 
        imsi            - just a string
        challenge       - 16-byte value in hex.
-       kc              - 4-byte value in hex, the client key (Kc)
-       sres            - 8-byte value in hex, the secure response
+       sres            - 4-byte value in hex, the secure response
+       kc              - 8-byte value in hex, the client key (Kc)
 
   Note that EAP-SIM requires *three* sets of triplets, so there must be
 three challenges found in the file. The first three challenges are used.
@@ -50,11 +50,17 @@ three challenges found in the file. The first three challenges are used.
   Space and tabs are not permitted.
 
 AUTHORIZATION
-  
+ 
   Note, if the NAS continues to send the User-Name attribute in subsequent
 access-requests (such as continuations of the EAP-sim protocol), then the
-authorization process will be repeated. It is important that the same
-attributes are returned.
+authorization process will be repeated.
+  EAP-sim will capture the first set of attributes, so if they change, that
+is okay.
+
+  A future version of this module may look at the presence of the EAP-Identity
+attribute to determine if attributes must be retrieved.
+  However, in the general case, one might not know one wants to even do the
+EAP-Start to ask for the identity, until one has seen the username.
 
   If this module is successful at retrieving three sets of triplets, then
 the EAP-Type: attribute will be set to SIM. The EAP module itself will set
@@ -62,7 +68,7 @@ the Auth-Type to EAP when it sees the EAP-Message attribute.
 
   See rlm_eap for details about the attributes used in EAP-sim.
 
-
+$Id$