wpa_supplicant and EAP-TTLS/MD5-Challenge

Jouni Malinen jkmaline at cc.hut.fi
Wed May 12 00:36:14 EDT 2004


On Fri, May 07, 2004 at 11:25:44PM -0700, Jouni Malinen wrote:

> I added support for EAP-TTLS with tunnelled EAP-MD5-Challenge into the
> internal IEEE 802.1X Supplicant of wpa_supplicant. So far, I have tested
> this successfully with FreeRADIUS. Reports from tests using other
> authentication servers would be welcome..

Some changes were needed to this, but I was now able to complete
EAP-TTLS authentication with Funk Odyssey server. I needed to use an
external RADIUS server and forwarding for the inner EAP-MD5 part because
Odyssey did not seem to allow inner EAP to be processed locally. Anyway,
the TTLS part seemed to now work correctly.

I did this testing remotely with the supplicant encapsulating everything
in RADIUS messages. I did not verify whether WPA/WPA2 would have
succeeded after this. Anyway, the derived key from EAP-TTLS seemed to
match in Odyssey and wpa_supplicant logs, so everything should be fine
now in the CVS snapshot.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list