wpa: use password command

Jouni Malinen j at w1.fi
Sat Nov 26 01:18:40 PST 2022

On Fri, Nov 25, 2022 at 10:31:59AM -0500, npiazza at disroot.org wrote:
> Instead of having passwords stored plain text in /etc/wpa_supplicant.conf
> would it be possible to use a password command there, along the lines of
> password="/usr/bin/pass name at email"
> psk="/usr/bin/pass other at email"

There are multiple different ways of storing passwords in external
locations, e.g., by not using a configuration file at all and instead
configuring the passwords over the control interface or by using an
external password backend (see ext_password_backend and ext:<name>).
That latter option could be used to implement something similar to what
you seem to describe here.

> The init scheme then takes care of operating wpa_supplicant as my
> user, rather than root.

I'm not sure how that is related to how the passwords are stored.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list