Local and remote Authentication at the same time
panos at comp.lancs.ac.uk
Tue Mar 1 05:14:01 EST 2011
> On Mon, Feb 28, 2011 at 05:07:50PM -0000, Panagiotis Georgopoulos
> > Is there any way to get hostapd to support both local and remote
> > authentication in a way that, it first checks its internal RADIUS
> > server and if it doesn't have any information for the specific client
> > requesting access, then it sends the packets to the remote AAA RADIUS server?
> This is not currently supported, but at least in theory, it should be
> relatively easy to add support for this since the state machines have
> at least partial support for this type of selection.
> Though, it should also be noted that there can be some challenges in
> recognizing what is to be done locally with EAP methods like EAP-TTLS
> that may start with anonymous identity in the first phase.
> Jouni Malinen PGP id
Thanks a lot for your reply Jouni.
I think this is a very useful feature that would interest a lot of people
resorting to using the internal authentication server for some scenarios, but
also willing to support authentication using a remote AAA server.
Regarding the methods that start with anonymous identity, you could always
have a flag in the configuration file that says primary or default method
for anonymous identity requests = local or remote AAA server or something
similar I imagine.
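
Added example, not part of the original message and not hostapd code: a sketch of the selection discussed in this thread, where a known identity is handled locally, an unknown one goes to the remote AAA server, and an anonymous outer identity (as EAP-TTLS may send in the first phase) follows a configured default. The names select_backend and anonymous_default and the user list are hypothetical.

```c
#include <stdio.h>
#include <string.h>

enum auth_backend { AUTH_LOCAL, AUTH_REMOTE };

/* Constructed sample of locally provisioned identities (hypothetical). */
static const char *local_users[] = { "alice@example.org", "printer-01" };

/* Outer identity with an empty or "anonymous" user part hides the real user. */
static int is_anonymous(const char *identity)
{
    size_t user_len = strcspn(identity, "@");
    return user_len == 0 ||
           (user_len == 9 && strncmp(identity, "anonymous", 9) == 0);
}

static int is_local_user(const char *identity)
{
    size_t n = sizeof(local_users) / sizeof(local_users[0]);
    for (size_t i = 0; i < n; i++)
        if (strcmp(identity, local_users[i]) == 0)
            return 1;
    return 0;
}

/*
 * Decide once, from the EAP-Response/Identity value, which server handles
 * the whole exchange. anonymous_default stands in for the configuration
 * flag suggested in the message (hypothetical name).
 */
enum auth_backend select_backend(const char *identity,
                                 enum auth_backend anonymous_default)
{
    if (is_anonymous(identity))
        return anonymous_default;
    return is_local_user(identity) ? AUTH_LOCAL : AUTH_REMOTE;
}

int main(void)
{
    const char *ids[] = { "alice@example.org", "bob@example.org",
                          "anonymous@example.org", "@example.org" };
    for (size_t i = 0; i < 4; i++)
        printf("%-24s -> %s\n", ids[i],
               select_backend(ids[i], AUTH_REMOTE) == AUTH_LOCAL
                   ? "local" : "remote");
    return 0;
}
```

The choice is made a single time per session because the EAP conversation state lives on whichever server answered the first message; switching servers mid-exchange would break the method.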