Support for database access control?

Jouni Malinen j at w1.fi
Thu Dec 29 14:29:05 EST 2011


On Wed, Dec 28, 2011 at 06:16:19PM +0000, Ed W wrote:
> Hi, I have a desire to allow per user authentication, but my application 
> is on a small embedded appliance (which is mainly disconnected from the 
> internet) and I want to keep dependencies minimal (freeradius seems like 
> a large extra dependency?).  The user accounts are stored in a separate 
> database with passwords in an iterated blowfish format (bcrypt)
> 
> Any suggestions on the simplest way to interface this with hostapd?

What mechanism do you use for authentication? WPA2-Enterprise with PEAP
or EAP-TTLS?

> Seems like I could either look to some general hook to hostapd to call 
> some external app to do the auth check, or I could look at a very 
> lightweight custom radius server to interface to my DB (any 
> suggestions?  I have perl on this box)

You could use either another small RADIUS authentication server
implementation or modify the one included in hostapd. In either case, I
would recommend running this as a separate process to avoid blocking
hostapd for any external operation to avoid problems with things like
Probe Request processing that really should not be blocked for any extra
time.

-- 
Jouni Malinen                                            PGP id EFC895FA
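
An added example, not part of the original message or of hostapd's own documentation: a hostapd.conf fragment for the separate-process layout recommended above, where hostapd acts only as the authenticator and relays EAP to a RADIUS server listening on loopback. The interface name, SSID, port and shared secret are constructed placeholders, and the RADIUS server process that checks the user database is assumed to exist separately.

```ini
# hostapd.conf fragment (constructed example)
# Placeholder interface and network name
interface=wlan0
ssid=example-appliance

# WPA2-Enterprise: 802.1X with EAP key management
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee8021x=1

# Do not use hostapd's integrated EAP server; relay EAP to the
# external RADIUS authentication server instead
eap_server=0

# The separate RADIUS server process runs on the same appliance and
# listens on loopback only, so RADIUS traffic never leaves the box
own_ip_addr=127.0.0.1
auth_server_addr=127.0.0.1
auth_server_port=1812
# Placeholder: use a long random value shared with the RADIUS process
auth_server_shared_secret=REPLACE_WITH_RANDOM_SECRET
```

With this split, the password lookup and the bcrypt comparison run in the RADIUS process, so their cost is not paid inside hostapd.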

