[RFC] [PATCHv8] Use radius supplied Passphrase for WPA-PSK
michael-dev at fami-braun.de
Tue Dec 6 09:21:35 PST 2011
I wanted to use the per-device-PSK (WPA) feature in conjunction with a radius server that does the authorization checking and should supply the psk.
This patch addresses the previous comments by
- using Tunnel-Password instead of a plaintext, hostapd specific radius vendor attribute,
- moving the psk generation out of radius.c,
- removing the superflous = 0 assignment,
- removing direkt psk supply for simplicity.
Please find a patch against git head attached that compiles fine and has been tested on x86.
To use this, one needs to enable the macaddr_acl=2 setting and have wpa_psk_radius=1 in hostapd.conf.
The radius server then just needs to supply the Tunnel-Password attribute on the access requests.
The Service-Type radius attribute is used to easily differentiate between PSK reqests and EAP requests.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 16316 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20111206/9f875e7b/attachment.diff
More information about the Hostap