Local and remote Authentication at the same time

Panagiotis Georgopoulos panos at comp.lancs.ac.uk
Tue Mar 1 05:14:01 EST 2011


> On Mon, Feb 28, 2011 at 05:07:50PM -0000, Panagiotis Georgopoulos
> wrote:
> > Is there any way to get hostapd to support both local and remote
> > authentication in a way that, it first checks its internal RADIUS
> > server and if it doesn't have any information for the specific client 
> > requesting
> > access, then it sends the packets to the remote AAA RADIUS server?
> 
> This is not currently supported, but at least in theory, it should be
> relatively easy to add support for this since the state machines have
> at
> least partial support for this type of selection.
> 
> Though, it should also be noted that there can be some challenges in
> recognizing what is to be done locally with EAP methods like EAP-TTLS
> that may start with anonymous identity in the first phase.
> 
> Jouni Malinen                                            PGP id

Thanks a lot for your reply Jouni.

I think this is a very useful feature that would interest a lot of people
resorting to use the internal authentication server for some scenarios, but
also willing to support authentication using a remote AAA server. 

Regarding the methods that start with anonymous identity, you could always
have a flag in the configuration file that says primary or default method
for anonymous identity requests = local or remote AAA server or something
similar I imagine.

Best Regards,
Panos






More information about the HostAP mailing list