Dynamic authentication / One-time password

michael-dev
Fri Jul 20 02:48:57 PDT 2012


On 20.07.2012 05:17, DaveM wrote:
>> On 07/19/2012 09:36 PM, michael-dev wrote:
>>> radius hooks into hostapd_wpa_auth_get_psk in src/ap/wpa_auth_glue.c to
>>> deliver the psk fetched from radius (sta->psk).
>> Just what I was looking for! Thank you very much :)
> I added my five lines of code. So far I'm using a hardcoded passphrase.
> psk will get re-calculated on every call to hostapd_wpa_auth_get_psk
> using PKCS5_PBKDF2_HMAC_SHA1. A client entering the correct passphrase
> can connect just fine. It is possible to disconnect and reconnect any
> number of times.
> But something is wrong. A) I can see that, on every connect request,
> hostapd_wpa_auth_get_psk is being called three times. Is this expected
> behavior somehow? I hope not.

Maybe you'd like to set sta->psk during auth, as
hostapd_wpa_auth_get_psk is also called on rekeying.

> B) When a client enters a wrong passphrase, some part of hostapd goes
> into a tight loop. hostapd_wpa_auth_get_psk will then get called
> endlessly and I have to kill hostapd. Any idea what could cause this?

hostapd_wpa_auth_get_psk is an iterator; that means you should have a
(virtual) list of unique key pointers to be iterated, and
hostapd_wpa_auth_get_psk should return the key pointer after the
last_key parameter in the list. After the last key is reached (i.e. the
last one is passed as last key), the function should return NULL to break
that endless loop.

  M. Braun
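
The iterator contract described in the reply above, as an added example that is not part of the original post and is not hostapd code: a provider that ignores the previous-key argument never ends the caller's loop when the client's key is wrong, while one that returns NULL after its last key does. The type `get_psk_fn`, the functions `get_psk_broken`, `get_psk_iter` and `try_keys`, the `MAX_TRIES` guard and the single-argument signature are assumptions made for illustration, and `memcmp` stands in for the handshake check.

```c
#include <stdio.h>
#include <string.h>
#define PSK_LEN   32
#define MAX_TRIES 1000  /* demo guard so a broken provider cannot hang the example */

/* Hypothetical callback type: return the key after prev_psk, NULL at the end. */
typedef const unsigned char *(*get_psk_fn)(const unsigned char *prev_psk);
static unsigned char sta_psk[PSK_LEN];  /* stands in for sta->psk, set once at auth */

/* Broken: ignores prev_psk, so it never reports the end of the list. */
static const unsigned char *get_psk_broken(const unsigned char *prev_psk)
{
    (void)prev_psk;
    return sta_psk;
}

/* One-element iterator: key on the first call (prev_psk == NULL), then NULL. */
static const unsigned char *get_psk_iter(const unsigned char *prev_psk)
{
    return prev_psk == NULL ? sta_psk : NULL;
}

/* Caller model: ask for keys until one matches or the provider returns NULL.
 * memcmp stands in for the handshake check. Returns calls made, -1 at the cap. */
static int try_keys(get_psk_fn get_psk, const unsigned char *client_key, int *matched)
{
    const unsigned char *psk = NULL;
    int calls = 0;
    *matched = 0;
    while (calls < MAX_TRIES) {
        psk = get_psk(psk);
        calls++;
        if (psk != NULL && memcmp(psk, client_key, PSK_LEN) == 0)
            *matched = 1;
        if (psk == NULL || *matched)
            return calls;
    }
    return -1;
}

int main(void)
{
    unsigned char wrong[PSK_LEN];
    int m;
    memset(sta_psk, 0x11, PSK_LEN);  /* constructed sample key */
    memset(wrong, 0x22, PSK_LEN);    /* client used another passphrase */
    printf("iterator: %d calls\n", try_keys(get_psk_iter, wrong, &m));
    printf("broken: %d (-1 = hit the cap)\n", try_keys(get_psk_broken, wrong, &m));
    return 0;
}
```

With a wrong key the iterator version stops after two calls (one key, then NULL), whereas the broken version only stops because of the demo cap.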
