[PATCH 2/4] Add some documentation relating to EAP-AKA.

greearb at candelatech.com greearb at candelatech.com
Mon Jan 12 17:15:46 EST 2015


From: Ben Greear <greearb at candelatech.com>

Signed-hostapd: Ben Greear <greearb at candelatech.com>
---
 wpa_supplicant/defconfig           | 2 +-
 wpa_supplicant/wpa_supplicant.conf | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/wpa_supplicant/defconfig b/wpa_supplicant/defconfig
index 7f627fd..6691950 100644
--- a/wpa_supplicant/defconfig
+++ b/wpa_supplicant/defconfig
@@ -285,7 +285,7 @@ CONFIG_PEERKEY=y
 
 # Select TLS implementation
 # openssl = OpenSSL (default)
-# gnutls = GnuTLS
+# gnutls = GnuTLS (Missing some features needed by EAP-AKA with USIM, at least)
 # internal = Internal TLSv1 implementation (experimental)
 # none = Empty template
 #CONFIG_TLS=openssl
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index c48e84e..8ec10f7 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -789,6 +789,9 @@ fast_reauth=1
 # identity: Identity string for EAP
 #	This field is also used to configure user NAI for
 #	EAP-PSK/PAX/SAKE/GPSK.
+#       For emulated EAP-AKA, it is often 0|IMSI at domain: 0555444333222111 at wlan.org
+#       For emulated EAP-SIM, it is often 1|IMSI at domain
+#
 # anonymous_identity: Anonymous identity string for EAP (to be used as the
 #	unencrypted identity with EAP types that support different tunnelled
 #	identity, e.g., EAP-TTLS). This field can also be used with
@@ -802,6 +805,9 @@ fast_reauth=1
 #	PSK) is also configured using this field. For EAP-GPSK, this is a
 #	variable length PSK. ext:<name of external password field> format can
 #	be used to indicate that the password is stored in external storage.
+#       For emulated EAP-AKA, the syntax is K:OPc:SQN
+#       For emulated EAP-SIM, the syntax is K:OPc
+#
 # ca_cert: File path to CA certificate file (PEM/DER). This file can have one
 #	or more trusted CA certificates. If ca_cert and ca_path are not
 #	included, server certificate will not be verified. This is insecure and
-- 
1.7.11.7



More information about the HostAP mailing list