Two Factor Authentication using EAP-TTLS
kkanago at ciena.com
Fri Sep 4 12:20:37 EDT 2015
> Date: Thu, 3 Sep 2015 13:59:38 -0700
> From: Paresh Sawant <paresh.sawant at gmail.com>
> To: hostap at lists.shmoo.com
> Subject: Two Factor Authentication using EAP-TTLS
> <CAJ5GY0f3ixfGPkD3vVkU58P2dkZOjdYjtNNsCEYDTyekvmVwJA at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
> Does hostap configuration support two factor authentication of the client? I'm looking for hostap configuration (as a RADIUS server) that'll allow client to be authenticated using certificate in
> outer phase and some other method e.g. EAP-MSCHAPV2 in the inner phase.
Are you asking if EAP-TTLS and EAP-MSCHAPV is supported or if that's valid two factor auth?
Doing EAP-TTLS as the outer method and EAP-MSCHAPv2 as the inner meets the definition of two
factor authentication. The certificates for TTLS are "something you have" and MSCHAPv2 relies
on credentials that are "something you know".
Hostap with an external radius server will (so far as I know/have used it) pass whatever EAP it gets to
RADIUS, so it shouldn't (generally) care what kind of EAP methods you are using.
More information about the HostAP