Which the client can send to the server in phase 2, as soon as the tunnel is established.
It MUST NOT be sent in the outer TLVs.
If the client does user && machine auth, it can send 2 identity hints. It's up to the server to parse those and figure out what they mean.
We should also note that this is a hint. It's only used to permit the server to select authentication methods. The actual identity sent for EAP / basic-password can be different. The identity hint should be otherwise ignored.
alandekok
commented
1 year ago
Which the client can send to the server in phase 2, as soon as the tunnel is established.
It MUST NOT be sent in the outer TLVs.
If the client does user && machine auth, it can send 2 identity hints. It's up to the server to parse those and figure out what they mean.
We should also note that this is a hint. It's only used to permit the server to select authentication methods. The actual identity sent for EAP / basic-password can be different. The identity hint should be otherwise ignored.