PAP and CHAP support
Jouni Malinen
j
Thu Dec 13 19:31:49 PST 2007
On Fri, Dec 14, 2007 at 07:07:23AM +0530, Raghavendra. S wrote:
> Whether wpa supplicant supports PAP and CHAP? how it should be configured.?
Yes, PAP and CHAP can be used as tunneled authentication methods with
EAP-TTLS.
> eap=TTLS
> phase2="auth=PAP auth=CHAP autheap=MSCHAPV2 autheap=MD5"
>
> is above configuration correct? or i have to use autheap for PAP and CHAP.
You can only select one EAP-TTLS phase 2 method out of five options:
PAP, CHAP, MSCHAP, MSCHAPV2, and EAP since EAP-TTLS does not have a
negotiation for the used mechanism. However, EAP option (autheap) can
have multiple enabled EAP methods.
In other words, the configuration above would not result in all four
options being enabled. Instead, it would actually end up enabling just
EAP-MSCHAPv2 for phase 2. You could set phase2 parameter to "auth=PAP"
to enable PAP, to "auth=CHAP" to enable CHAP, and "autheap=MSCHAPV2 MD5"
to enable EAP with both EAP-MSCHAPv2 and EAP-MD5 allowed.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list