EAP-TLS - Authentication succeeds with in-correct "private_key_passwd"

saurav barik saurav.barik at gmail.com
Mon Oct 4 14:32:41 EDT 2010


Hi,

I am trying to setup EAP-TLS with wpa_supplicant(v0.6.10) and radius
server(in windows server 2008). I generated the certificates and could
authenticate the user successfully. However during my tests I found
that -
After a successful authentication, if I change "private_key_passwd" in
wpa_supplicant.conf and run "RECONFIGURE"(from wpa_cli) - Still the
authentication is successful. Does the wpa_supplicant still use the
old password to authenticate? Or does it ignore the new authentication
request (because of RECONFIGURE), as it is already
authenticated/connected to the AP? Please note that if I stop
wpa_supplicant and run it again(with _wrong_ password in conf file),
it fails to authenticate - which is the right thing.

I searched in the mailing list but could not find any relevant
discussion. Please share some pointers.

Thanks in advance,
Saurav

My wpa_supplicant.conf file -

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=root

network={
     ssid="ENT-TEST"
     key_mgmt=WPA-EAP
     pairwise=CCMP TKIP
     group=CCMP TKIP
     eap=TLS
     identity="saurav at hsradius.com"
     ca_cert="/etc/cert/ca.pem"
     client_cert="/etc/cert/user.pem"
     private_key="/etc/cert/user.prv"
     private_key_passwd="saurav"
     priority=4
}


More information about the HostAP mailing list