hostapd forking and enhancements
Jouni Malinen
jkmaline
Mon Jan 6 19:57:40 PST 2003
On Mon, Jan 06, 2003 at 02:19:23PM -0500, Sergio M. Ammirata wrote:
> 1) hostapd should support forking. I have tried to use "hostapd &" on my
> init scripts in order to get it loaded on startup but as soon as the
> init script dies the hostapd dies with it.
Yes, I agree. In addition, hostapd would benefit of an option to direct
some logging to syslog instead of stdout. These are on my todo list..
> 2) The station authentication currently supports open access and mac
> address list. It would very helpful if hostapd would add an option to
> support the execution of an external bin for authentication. Perhaps it
> can pass two arguments, the mac of wlan0 and the mac of the station and
> based on the response from the bin it lets the station in .
I would pass interface name and MAC address of the station, but yes,
something like this has been requested couple of times. Instead of
external program, hostapd could also use RADIUS server directly since
there is already routines for generating and parsing RADIUS messages.
However, there is a small issue with external authentication. IEEE
802.11 station implementations seem to use quite small timeout value for
authentication frames. In other words, often there is not enough time to
execute query to RADIUS server or external program. hostapd would need
to cache the external reply for some time and rely on station trying
again. Cached reply could then be used to generate authentication reply
quickly enough.
If someone can point me to a specification of which RADIUS attributes
are used in this kind of authentication query (i.e., how to encode the
MAC address of the station into Access-Request so that the RADIUS server
understands it), I'll try to add support for it. I can also accept
sniffed RADIUS exchange as an alternative for this specification ;-).
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list