Dynamic authentication / One-time password

DaveM dave
Thu Jul 19 20:17:02 PDT 2012

> On 07/19/2012 09:36 PM, michael-dev wrote:
>> radius hooks into hostapd_wpa_auth_get_psk in src/ap/wpa_auth_glue.c to 
>> deliver the psk fetched from radius (sta->psk).
> Just what I was looking for! Thank you very much :)

I added my five lines of code. So far I'm using a hardcoded passphrase.
psk will get re-calculated on every call to hostapd_wpa_auth_get_psk
using PKCS5_PBKDF2_HMAC_SHA1. A client entering the correct passphrase
can connect just fine. It is possible to disconnect and reconnect any
number of times.

But something is wrong. A) I can see that, on every connect request,
hostapd_wpa_auth_get_psk is being called three times. Is this expected
behavior somehow? I hope not.

B) When a client enters a wrong passphrase, some part of hostapd goes
into a tight loop. hostapd_wpa_auth_get_psk will then get called
endlessly and I have to kill hostapd. Any idea what could cause this?

More information about the Hostap mailing list