EAP/802.1X authentication without susbsequent data confidentiality
rupskyzaildar at gmail.com
Wed May 31 22:54:21 EDT 2006
Will try that. Thanks for your help Jouni. If that doesn't work, i will try
using the hostap driver for the AP.
On 6/1/06, Jouni Malinen <jkmaline at cc.hut.fi> wrote:
> On Thu, Jun 01, 2006 at 12:33:11PM +1000, Rupsky Gill wrote:
> > I am using madwifi driver and hostapd to set up an Access Point and
> > i am using wpa_supplicant and madwifi for the STA.
> madwifi driver interface had some assumptions about hostapd only being
> used when data packets are encrypted.. I don't remember whether this has
> been fixed.
> > I am experimenting with some EAP methods. I was wondering if it was
> > possible
> > to make hostapd authenticate the STA using EAP-TLS (or any other EAP
> > for that matter) however not encrypt the subsequent data exchanges
> > successful authentication (i.e. not engage in 4-way hanshake etc.) It
> > be theoretically
> > possible as authentication and confidentiality are two seperate security
> > functions.
> In theory, yes, it should be possible to configure hostapd to do this.
> This requires enabling IEEE 802.1X, but not WPA and not configuring
> dynamic WEP key lengths.
> > I am bit lost as to is it as easy as changing particular config files
> > (hostapd/wpa_supplicant)
> > or would it need some code modifications ?
> I haven't tried this with madwifi driver, so I'm not sure whether it
> would work without any code changes. For wpa_supplicant, you will need
> to set eapol_flags=0 so that it does not require dynamic WEP keys.
> Jouni Malinen PGP id EFC895FA
> HostAP mailing list
> HostAP at shmoo.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the HostAP