EAP/802.1X authentication without subsequent data confidentiality
Jouni Malinen
jkmaline
Wed May 31 19:39:58 PDT 2006
On Thu, Jun 01, 2006 at 12:33:11PM +1000, Rupsky Gill wrote:
> I am using madwifi driver and hostapd to set up an Access Point and
> I am using wpa_supplicant and madwifi for the STA.
madwifi driver interface had some assumptions about hostapd only being
used when data packets are encrypted. I don't remember whether this has
been fixed.
> I am experimenting with some EAP methods. I was wondering if it was
> possible to make hostapd authenticate the STA using EAP-TLS (or any
> other EAP method for that matter) however not encrypt the subsequent
> data exchanges after successful authentication (i.e. not engage in
> 4-way handshake etc.) It should be theoretically possible as
> authentication and confidentiality are two separate security
> functions.
In theory, yes, it should be possible to configure hostapd to do this.
This requires enabling IEEE 802.1X, but not WPA and not configuring
dynamic WEP key lengths.
> I am a bit lost as to whether it is as easy as changing particular
> config files (hostapd/wpa_supplicant) or whether it would need some
> code modifications?
I haven't tried this with madwifi driver, so I'm not sure whether it
would work without any code changes. For wpa_supplicant, you will need
to set eapol_flags=0 so that it does not require dynamic WEP keys.
--
Jouni Malinen PGP id EFC895FA
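
The configuration state described in the reply above, as an added example that is not part of the original message or of hostapd/wpa_supplicant: a small checker that reads a hostapd.conf and a wpa_supplicant network block and reports whether data frames end up unprotected after 802.1X authentication. The sample configs are constructed, the function names are hypothetical, and it assumes the default `eapol_flags` value of 3 when the option is absent.

```python
# Added example. Sample configs are constructed; function names are hypothetical.
HOSTAPD_SAMPLE = """\
interface=ath0
driver=madwifi
ssid=test-8021x
ieee8021x=1
# wpa and wep_key_len_* left unset; EAP/RADIUS server settings omitted
"""

STA_SAMPLE = """\
network={
    ssid="test-8021x"
    key_mgmt=IEEE8021X
    eap=TLS
    eapol_flags=0
}
"""

def parse_conf(text):
    """Parse key=value lines; skip blanks, comments and block braces."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.endswith("{") or line == "}":
            continue
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf

def ap_data_protection(conf):
    """Classify what a hostapd config uses to protect data frames."""
    if int(conf.get("wpa", 0)) != 0:
        return "wpa"
    if int(conf.get("ieee8021x", 0)) == 1 and any(
            int(conf.get(k, 0)) > 0
            for k in ("wep_key_len_broadcast", "wep_key_len_unicast")):
        return "dynamic-wep"
    if any(f"wep_key{i}" in conf for i in range(4)):
        return "static-wep"
    return "none"  # with ieee8021x=1: authenticated, but data sent in clear

def sta_accepts_unkeyed(conf):
    """True if the station runs IEEE 802.1X without requiring WEP keys."""
    return (conf.get("key_mgmt") == "IEEE8021X"
            and int(conf.get("eapol_flags", 3)) == 0)

if __name__ == "__main__":
    print("AP data protection:", ap_data_protection(parse_conf(HOSTAPD_SAMPLE)))
    print("STA accepts unkeyed link:", sta_accepts_unkeyed(parse_conf(STA_SAMPLE)))
```

A result of `none` together with `ieee8021x=1` means the station is authenticated but every data frame is readable by anyone in radio range, which is worth flagging when such a config is found outside a test setup.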