EAP-TTLS/EAP-TLS hostap configuration

Jouni Malinen j at w1.fi
Mon Nov 28 04:25:46 EST 2011


On Sun, Nov 27, 2011 at 04:30:06PM +0000, Mr Dash Four wrote:
> I see! So, if I use external RADIUS none of the EAP configuration, apart 
> from the shared_secret part, is applicable in my case, right? However, 
> if I decide to use hostapd as RADIUS would I be able to configure it 
> that way - with (potentially) two separate sets of ca, server & user 
> certificates for each phase (EAP-TTLS - outer, and then EAP-TLS - inner)?
> 
> In addition, is it possible to specify user-authentication matching by 
> certain certificate attributes (CN, Subject etc), is that implemented in 
> hostapd?

The internal authentication server in hostapd is focusing more on small
size than large set of functionality that could be more common in
enterprise environments. Neither two different sets of server
certificates nor matching of certificate attributes are supported.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list