Integrated EAP server -- certificate questions
Chris Zimmermann
cbzimmermann
Thu Sep 7 17:29:50 PDT 2006
My questions are regarding configuring the integrated EAP server in
hostapd v0.5.5 for EAP-TTLS.
From hostapd.eap_user
> # EAP-TLS, EAP-PEAP, EAP-TTLS, EAP-SIM, and EAP-AKA do not use
> password option.
> # EAP-MD5, EAP-MSCHAPV2, EAP-GTC, EAP-PAX, EAP-PSK, and EAP-SAKE
> require a
> # password.
> # EAP-PEAP and EAP-TTLS require Phase 2 configuration.
> # Phase 2 (tunnelled within EAP-PEAP or EAP-TTLS) users
Does this mean that EAP-TTLS clients *must* use a client
certificate? Or can they use a Phase 2 username/password?
It appears that I must use provide a server or a CA certificate to
hostapd in order to do any EAP-TLS type EAP method, including EAP-
TTLS. Is this accurate?
Thanks,
Chris
--
Chris Zimmermann
cbzimmermann at mac.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20060907/d02d5b5c/attachment.htm
More information about the Hostap
mailing list