EAP-TLS RADIUS login for local user authentication
Bob Friesenhahn
bfriesen at simple.dallas.tx.us
Fri Jun 10 14:04:11 PDT 2022
We have an existing application (written in Python) which uses RADIUS
for user authentication. To satisfy security/crypto requirements, we
are requested to use EAP-TLS via RADIUS because plain RADIUS is not
sufficiently secure.

I have compiled 'wpa_supplicant' with the hope that this would do what
is needed, but it seems to only do half of what is needed (the EAP-TLS
login/session part).

In order to satisfy the requirement, it appears that 'hostapd' needs
to be added like this:

RADIUS Server <--> hostapd <--> wpa_supplicant <--> LOGIN App

It appears that with some work, a local client app can use
wpa_supplicant to produce the EAP-TLS login session.

Hostapd responds to EAP-TLS login sessions by creating a RADIUS
session.

The underlying body of code in 'hostapd' and 'wpa_supplicant' is
identical. The problem is that neither application seems to have
considered this possible requirement.

Is there something I am not aware of which is better than attempting
to run 'hostapd' and 'wpa_supplicant' on the same system to support
user authentication?

Is there an example application for initiating a local authentication
via 'wpa_supplicant'?

Bob
--
Bob Friesenhahn
bfriesen at simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
Public Key, http://www.simplesystems.org/users/bfriesen/public-key.txt