EAP-OTP support

Jouni Malinen j at w1.fi
Wed Apr 4 02:06:21 PDT 2018


On Tue, Apr 03, 2018 at 04:11:36PM -0700, James Prestwood wrote:
> I am wondering if hostapd supports EAP-OTP. I see code in
> wpa_supplicant for it, but nothing in hostapd. I am trying to test EAP-
> OTP with PEAP and have a user file:
> 
> # Phase 1 users
> * PEAP [ver=1]
> # Phase 2
> "secure at identity.com" OTP "testpasswd" [2]
> 
> Running with this file I get:
> 
> Unsupported EAP type 'OTP' on line 4 in '/tmp/eap-user-peap-otp.text'

No, there is no support for EAP-OTP in hostapd EAP server. The EAP
method itself would be trivial to add, but the main reason for not
having added that is in the password configuration or a lack of any
convenient mechanism to interface with dynamic password generation. A
fixed password in the EAP user database is not exactly the model in
which OTP is supposed to be used.

Do you have a specific use case in mind for EAP-OTP?

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the Hostap mailing list