EAP-TNC support in Hostapd's Radius Server vs. FreeRadius

Jouni Malinen j at w1.fi
Tue Aug 26 08:57:50 EDT 2008


On Tue, Aug 26, 2008 at 02:39:43PM +0200, Martin Schneider wrote:

> I want to setup a testbed for playing with EAP-TNC, precicely I want
> to implement a new IMC / IMV pair for measuring some parts of the
> operating system. On the wpa_supplicant / hostapd page I read, that
> both applications support EAP-TNC. What I do not know for sure up to
> now is, what parts of the TNC architecture are already included in
> hostapd / wpa_supplicant and what parts are missing.
> 
> If I understand the homepages correctly, a TNC Client / Server and all
> Interfaces specified in the TNC spec are available. So the IMC / IMV
> part should be missing and the only thing for me to do is adding such
> software to the existing implementations. Is this correct?

hostapd 0.6.4 includes an TNCS implementation and the needed interfaces
(IF-IMV, IF-TNCCS, IF-TNCCS-SOH) for communication, i.e., only IMV(s)
are needed as external components. They are configured according to the
TNC specification (/etc/tnc_config in case of Linux).

Similarly, wpa_supplicant 0.6.4 includes TNCC and the needed interfaces
(IF-IMC, IF-TNCCS, IF-TNCCS-SOH) and only IMC(s) are needed as external
components (configuration according to the TNC spec, /etc/tnc_config for
Linux, Windows registry for Windows XP).

> I have seen, that FreeRadius also supports EAP-TNC but the people
> there told me, that the support is "very experimental". So my next
> question is, if the EAP-TNC implementation in hostapd / wpasupplicant
> is more stable and in a state that might be called "production ready"?

I'm not aware of any open issues with the EAP-TNC implementation in
hostapd/wpa_supplicant. In theory, 0.6.x branch is still called
development branch, but in practice it is quite stable.

> If "yes", I could setup a hostapd on a machine and use this one as an
> Radius authentication server for other hostapds that work as a pure
> Access Point?

Yes.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list