When using normal EAP, the server sees the EAP Identity before it selects which EAP type is being used.
However, with TEAP, the inner tunnel method (EAP or basic password) has to be chosen by the server before it sees any user identity. This limitation means that it is impossible for the server to divide users into groups, as with:
- users matching X get basic password auth
- all other users get EAP
Perhaps we have to define an Identity-Hint TLV which is sent by the peer as soon as the inner tunnel is established? The server can then use this hint to select which authentication method to use.
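An added example (not part of the original post, and not code from any TEAP implementation) of how a server could act on such a hint: it parses TEAP's TLV framing (M bit, reserved bit, 14-bit type, 16-bit length) and picks the inner method. The type number, the `legacy.example.org` match rule and all function names are assumptions; the page assigns no code point to Identity-Hint.

```python
import re
import struct

# Assumption: placeholder code point; the page proposes the TLV but assigns no number.
IDENTITY_HINT_TLV = 0x3FFF
# Assumption: constructed stand-in for "users matching X".
PASSWORD_GROUP = re.compile(r"[^@]+@legacy\.example\.org")


def encode_tlv(tlv_type: int, value: bytes, mandatory: bool = False) -> bytes:
    """Peer side: build one TEAP TLV (M bit | R bit | 14-bit type, 16-bit length)."""
    if not 0 <= tlv_type <= 0x3FFF or len(value) > 0xFFFF:
        raise ValueError("type or length out of range")
    first = (0x8000 if mandatory else 0) | tlv_type
    return struct.pack("!HH", first, len(value)) + value


def parse_tlvs(buf: bytes) -> list:
    """Server side: split a tunnel payload into (mandatory, type, value) tuples."""
    tlvs, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated TLV header")
        first, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if len(buf) - off < length:
            raise ValueError("truncated TLV value")
        tlvs.append((bool(first & 0x8000), first & 0x3FFF, buf[off:off + length]))
        off += length
    return tlvs


def select_inner_method(tunnel_payload: bytes, default: str = "eap") -> str:
    """Choose the inner method from the first Identity-Hint TLV, if any.

    The hint is an unverified claim by the peer: it only selects the method.
    The authenticated identity still comes from the inner method itself.
    """
    for _mandatory, tlv_type, value in parse_tlvs(tunnel_payload):
        if tlv_type != IDENTITY_HINT_TLV:
            continue
        try:
            hint = value.decode("utf-8")
        except UnicodeDecodeError:
            return default  # unreadable hint: fall back to the server default
        return "basic-password" if PASSWORD_GROUP.fullmatch(hint) else "eap"
    return default  # no hint sent: server must choose blind, as today
```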