Integrated EAP server -- certificate questions

Chris Zimmermann cbzimmermann at mac.com
Thu Sep 7 20:29:50 EDT 2006


My questions are regarding configuring the integrated EAP server in  
hostapd v0.5.5 for EAP-TTLS.

From hostapd.eap_user:

> # EAP-TLS, EAP-PEAP, EAP-TTLS, EAP-SIM, and EAP-AKA do not use password option.
> # EAP-MD5, EAP-MSCHAPV2, EAP-GTC, EAP-PAX, EAP-PSK, and EAP-SAKE require a
> # password.
> # EAP-PEAP and EAP-TTLS require Phase 2 configuration.

> # Phase 2 (tunnelled within EAP-PEAP or EAP-TTLS) users

Does this mean that EAP-TTLS clients *must* use a client  
certificate?  Or can they use a Phase 2 username/password?

It appears that I must provide a server or a CA certificate to
hostapd in order to do any EAP-TLS type EAP method, including
EAP-TTLS.  Is this accurate?

Thanks,
Chris

-- 
Chris Zimmermann
cbzimmermann at mac.com


