Support for database access control?
Jouni Malinen
j
Thu Dec 29 11:29:05 PST 2011
On Wed, Dec 28, 2011 at 06:16:19PM +0000, Ed W wrote:
> Hi, I have a desire to allow per user authentication, but my application
> is on a small embedded appliance (which is mainly disconnected from the
> internet) and I want to keep dependencies minimal (freeradius seems like
> a large extra dependency?). The user accounts are stored in a separate
> database with passwords in an iterated blowfish format (bcrypt)
>
> Any suggestions on the simplest way to interface this with hostapd?
What mechanism do you use for authentication? WPA2-Enterprise with PEAP
or EAP-TTLS?
> Seems like I could either look to some general hook to hostapd to call
> some external app to do the auth check, or I could look at a very
> lightweight custom radius server to interface to my DB (any
> suggestions? I have perl on this box)
You could use either another small RADIUS authentication server
implementation or modify the one included in hostapd. In either case, I
would recommend running this as a separate process to avoid blocking
hostapd for any external operation to avoid problems with things like
Probe Request processing that really should not be blocked for any extra
time.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list