[RFC] [PATCHv8] Use radius supplied Passphrase for WPA-PSK

michael-dev at fami-braun.de michael-dev at fami-braun.de
Tue Dec 6 12:21:35 EST 2011


Hi,

I wanted to use the per-device-PSK (WPA) feature in conjunction with a radius server that does the authorization checking and should supply the psk.

This patch addresses the previous comments by
 - using Tunnel-Password instead of a plaintext, hostapd specific radius vendor attribute,
 - moving the psk generation out of radius.c,
 - removing the superflous = 0 assignment,
 - removing direkt psk supply for simplicity.

Please find a patch against git head attached that compiles fine and has been tested on x86.

To use this, one needs to enable the macaddr_acl=2 setting and have wpa_psk_radius=1 in hostapd.conf.
The radius server then just needs to supply the Tunnel-Password attribute on the access requests.
The Service-Type radius attribute is used to easily differentiate between PSK reqests and EAP requests.

Regards,                                                                                                                                                                                                       
 M. Braun                                                                                                                                                                                                      
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hostapd-add-radius-wsk.diff
Type: text/x-diff
Size: 16316 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20111206/9f875e7b/attachment.diff 


More information about the HostAP mailing list