EAP/802.1X authentication without susbsequent data confidentiality

[Rupsky Gill]

Will try that. Thanks for your help Jouni. If that doesn't work, i will try
using the hostap driver for the AP.

Regards
Rupinder


On 6/1/06, Jouni Malinen <jkmaline at cc.hut.fi> wrote:
>
> On Thu, Jun 01, 2006 at 12:33:11PM +1000, Rupsky Gill wrote:
>
> > I am using madwifi driver and hostapd to set up an Access Point and
> > i am using wpa_supplicant and madwifi for the STA.
>
> madwifi driver interface had some assumptions about hostapd only being
> used when data packets are encrypted.. I don't remember whether this has
> been fixed.
>
> > I am experimenting with some EAP methods. I was wondering if it was
> > possible
> > to make hostapd authenticate the STA using EAP-TLS (or any other EAP
> method
> > for that matter)  however not encrypt the subsequent data exchanges
> after
> > successful authentication (i.e. not engage in 4-way hanshake etc.) It
> should
> > be theoretically
> > possible as authentication and confidentiality are two seperate security
> > functions.
>
> In theory, yes, it should be possible to configure hostapd to do this.
> This requires enabling IEEE 802.1X, but not WPA and not configuring
> dynamic WEP key lengths.
>
> > I am bit lost as to is it as easy as changing particular config files
> > (hostapd/wpa_supplicant)
> > or would it need some code modifications ?
>
> I haven't tried this with madwifi driver, so I'm not sure whether it
> would work without any code changes. For wpa_supplicant, you will need
> to set eapol_flags=0 so that it does not require dynamic WEP keys.
>
> --
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20060601/8ee7f24e/attachment.htm