EAP-TLS - Authentication succeeds with in-correct "private_key_passwd"

saurav barik saurav.barik at gmail.com
Fri Oct 8 16:07:16 EDT 2010


Thanks Panos. Reconfigure does not trigger a reauth as confirmed by
Jouni. I also tried but it did not help.

On Fri, Oct 8, 2010 at 2:46 PM, Panagiotis Georgopoulos
<panos at comp.lancs.ac.uk> wrote:
> Hello Saurav,
>
>        Please see inile...
>
>
>> I agree - PMKSA caching is a good feature. But it should not force to
>> skip the need for a reauth. A user might try to change his TLS
>> certificates/password at the run-time and edit the wpa_supplicant.conf
>> for the new configs. In this case, wpa_supplicant should have a
>> provision to start a reauth session because the certificates are
>> changed. In this case user is not breaking a working config - he just
>> wants to use new configuration. As of now, the only way the new config
>> can take effect is by restarting the running wpa_supplicant. Would not
>> it be better, if we can have a similar mechanism with a running
>> wpa_supplicant?
>
> As far as I know, you can use wpa_cli and force wpa_supplicant to read the
> new configuration (that the user changed) by running 'reconfigure'. That
> will read the new configuration and use the new certificates and password
> (if the user changed them). I am not sure if this flushes PMKSA caching or
> how it affects reauth, but it is worth a try if that is what you need.
>
> Cheers,
> Panos
>
>
>>
>> If we need to re-run wpa_supplicant every time TLS certs are changed,
>> then logon/logoff options from wpa_cli is redundant. Please correct me
>> if I am wrong.
>>
>> Thanks,
>> Saurav
>
>
>


More information about the HostAP mailing list