Changing keymanagement without disconnect

Jouni Malinen j
Thu Dec 18 10:24:05 PST 2008


On Thu, Dec 18, 2008 at 10:55:21AM +0100, Arne Keller wrote:

> is it possible to change the keymanagement without a disconnect?
> I think of something like connecting with EAP-MD5 and then doing a 
> rekeying with lets say EAP-TLS.

What exactly do you mean with "keymanagement". The example here is about
a change in the used EAP method, not key management mechanism (e.g., PSK
vs. EAP). Furthermore, use of EAP-MD5 as an example with rekeying is
confusing since EAP-MD5 does not derive any keying material.

> I've tried  this with "wpa_cli select_network" by changing two different 
> configurations for one AP but this causes a interrupt of the connection.
> Maybe there is a way to change the code that this can be done without 
> deleting the old key that the connection remains up until the new key is 
> derived.

If you are trying to change EAP method from one to another, you could
probably change the current configuration block, logoff, logon (see
wpa_cli commands set_network, logoff, logon). This could be done within
the same association (if that is what you consider a "connection").

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the Hostap mailing list