HostAP + WEP rekeying + hostapd.conf

Joshua Wright Joshua.Wright at jwu.edu
Tue Mar 18 08:49:14 EST 2003


> > 2. Is there any method to use EAP-TLS without client certification, using
> > something like 'login/password'?
> 
> No. EAP-TLS is the protocol based on certificates. If you want to use
> 'login/password' authentication consider using EAP-LEAP. It is
> supported in the current CVS version of FreeRADIUS server.

Or EAP-MD5 as a standards-based alternative for password-only authentication.  IMHO, if you are going to the trouble to deploy 802.1X/EAP authentication, you should use an authentication method that uses TLS or some other strong encryption such as PEAP (RSA, Cisco, Microsoft) or TTLS (Funk, Meetinghouse).

<soapbox>I would prefer to see TTLS or PEAP support over LEAP, since TTLS and PEAP are both submitted drafts to the IETF as 802.1X EAP extensions.  Cisco is starting to license LEAP to other OEMs, but they still won't disclose how the protocol works without signing their NDA and giving them your first born.</soapbox>

-Joshua Wright
Senior Network and Security Architect
Johnson & Wales University
Joshua.Wright at jwu.edu 
http://home.jwu.edu/jwright/

pgpkey: http://home.jwu.edu/jwright/pgpkey.htm
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73



