6 The module rlm_sim_files reads challenges/responses for use by the
7 EAP-SIM method. This module is a reference implementation for what someone
8 might do via a database or other system.
9 It provides for authorization only.
13 To configure this module, list is in modules.
14 An optional option to set the file name exists, it otherwise defaults to
15 ${raddbdir}/simtriplets.dat.
17 e.g: in radiusd.conf, modules {},
20 simtriplets = "/some/file"
24 in radiusd.conf, authorize {}, add:
31 The format of the file is one triplet per line, with the userid, aka
32 "imsi" first. Lines starting with # are considered comments.
34 imsi,challenge,kc,sres
38 232420100000015,34000000000000000000000000000000,34112233,445566778899AABB
43 challenge - 16-byte value in hex.
44 kc - 4-byte value in hex, the client key (Kc)
45 sres - 8-byte value in hex, the secure response
47 Note that EAP-SIM requires *three* sets of triplets, so there must be
48 three challenges found in the file. The first three challenges are used.
49 Also note that the "0x" for hex is not required, and is illegal.
50 Space and tabs are not permitted.
54 Note, if the NAS continues to send the User-Name attribute in subsequent
55 access-requests (such as continuations of the EAP-sim protocol), then the
56 authorization process will be repeated. It is important that the same
57 attributes are returned.
59 If this module is successful at retrieving three sets of triplets, then
60 the EAP-Type: attribute will be set to SIM. The EAP module itself will set
61 the Auth-Type to EAP when it sees the EAP-Message attribute.
63 See rlm_eap for details about the attributes used in EAP-sim.