EAP/802.1X authentication without susbsequent data confidentiality
Wed May 31 19:39:58 PDT 2006
On Thu, Jun 01, 2006 at 12:33:11PM +1000, Rupsky Gill wrote:
> I am using madwifi driver and hostapd to set up an Access Point and
> i am using wpa_supplicant and madwifi for the STA.
madwifi driver interface had some assumptions about hostapd only being
used when data packets are encrypted.. I don't remember whether this has
> I am experimenting with some EAP methods. I was wondering if it was
> to make hostapd authenticate the STA using EAP-TLS (or any other EAP method
> for that matter) however not encrypt the subsequent data exchanges after
> successful authentication (i.e. not engage in 4-way hanshake etc.) It should
> be theoretically
> possible as authentication and confidentiality are two seperate security
In theory, yes, it should be possible to configure hostapd to do this.
This requires enabling IEEE 802.1X, but not WPA and not configuring
dynamic WEP key lengths.
> I am bit lost as to is it as easy as changing particular config files
> or would it need some code modifications ?
I haven't tried this with madwifi driver, so I'm not sure whether it
would work without any code changes. For wpa_supplicant, you will need
to set eapol_flags=0 so that it does not require dynamic WEP keys.
Jouni Malinen PGP id EFC895FA
More information about the Hostap