wpa: use password command

npiazza at disroot.org npiazza at disroot.org
Sat Nov 26 15:28:46 PST 2022

On Sat, Nov 26, 2022 at 11:18:40AM +0200, Jouni Malinen wrote:
> On Fri, Nov 25, 2022 at 10:31:59AM -0500, npiazza at disroot.org wrote:
> > Instead of having passwords stored plain text in /etc/wpa_supplicant.conf
> > would it be possible to use a password command there, along the lines of
> > 
> > password="/usr/bin/pass name at email"
> > psk="/usr/bin/pass other at email"
> There are multiple different ways of storing passwords in external
> locations, e.g., by not using a configuration file at all and instead
> configuring the passwords over the control interface or by using an
> external password backend (see ext_password_backend and ext:<name>).
> That latter option could be used to implement something similar to what
> you seem to describe here.

Thanks. Just to clarify: I store my passwords encrypted, and access them
via pass in the usual way. Are you saying that it's already possible
to use an external password backend to *retrieve* passwords (not to
store them)? What is the line that should go in the .conf file, assuming
that on the terminal the command '/usr/bin/pass name at email' prints the
relevant password to stdout?

(I understand that one can configure this over the control interface
or using other files, but I was specifically asking about
the .conf file. Also, the init part is irrelevant, please disregard.) 

More information about the Hostap mailing list