Dynamic authentication / One-time password
michael-dev
michael-dev at fami-braun.de
Fri Jul 20 05:48:57 EDT 2012
Hi,
Am 20.07.2012 05:17, schrieb DaveM:
>> On 07/19/2012 09:36 PM, michael-dev wrote:
>>> radius hooks into hostapd_wpa_auth_get_psk in
>>> src/ap/wpa_auth_glue.c to
>>> deliver the psk fetched from radius (sta->psk).
>>
>> Just what I was looking for! Thank you very much :)
>
> I added my five lines of code. So far I'm using a hardcoded
> passphrase.
> psk will get re-calculated on every call to hostapd_wpa_auth_get_psk
> using PKCS5_PBKDF2_HMAC_SHA1. A client entering the correct
> passphrase
> can connect just fine. It is possible to disconnect and reconnect any
> number of times.
>
> But something is wrong. A) I can see that, on every connect request,
> hostapd_wpa_auth_get_psk is being called three times. Is this
> expected
> behavior somehow? I hope not.
maybe you'd like to set sta->psk during auth, as
hostapd_wpa_auth_get_psk is also called on rekeying.
>
> B) When a client enters a wrong passphrase, some part of hostapd goes
> into a tight loop. hostapd_wpa_auth_get_psk will then get called
> endlessly and I have to kill hostapd. Any idea what could cause this?
hostapd_wpa_auth_get_psk is an iterator, that means, you should have a
(virtual) list of unique key pointers to be iterated and
hostapd_wpa_auth_get_psk should return the key pointer after the
last_key parameter in the list. After the last key is reached (ie the
last on is passed as last key), the function should return NULL to break
that endless loop.
Regards,
M. Braun
More information about the HostAP
mailing list