EAP-TLS, whether we should provide password or not?

Chuck Tuffli CTuffli at dspg.com
Fri Dec 28 09:13:55 EST 2007


> -----Original Message-----
> From: hostap-bounces+ctuffli=dspg.com at shmoo.com 
> [mailto:hostap-bounces+ctuffli=dspg.com at shmoo.com] On Behalf 
> Of Raghavendra. S
> Sent: Thursday, December 27, 2007 10:56 PM
> To: hostap at shmoo.com
> Subject: EAP-TLS, whether we should provide password or not?
> 
> Hi All,
> 
> I have following configuration for EAP-TLS.
> 
> ---------------------------------start------------------------
----------------------------
> ctrl_interface=/var/run/wpa_supplicant
> ap_scan=1
> fast_reauth=1
> eapol_version=1
> 
> network={
>         ssid="3Com"
>         proto=WPA
>         scan_ssid=1
>         key_mgmt=WPA-EAP IEEE8021X
>         pairwise=CCMP TKIP
>         group=CCMP TKIP
>         eap=TLS
>         identity="jbibe"
>         ca_cert="/mnt/nfs/certs/root.pem"
>         client_cert="/mnt/nfs/certs/cert-clt.pem"
>         private_key="/mnt/nfs/certs/cert-clt.pem"
>         private_key_passwd="whatever"
> }

This looks pretty similar to something I used for testing. The below
seemed like the bare minimum I needed to get a Proxim + FreeRADIUS
working with TLS.

network={
	ssid="myssid"

	# 802.1X
	key_mgmt=WPA-EAP
	proto=RSN
	eap=TLS
	ca_cert="/certs/wifi_ca_cert.pem"
	client_cert="/certs/client_keycert.pem"
	private_key="/certs/client_keycert.pem"
	private_key_passwd="whatever"

	identity="root"
}

---chuck



More information about the HostAP mailing list