Support for database access control?

Jouni Malinen j
Thu Dec 29 11:29:05 PST 2011

On Wed, Dec 28, 2011 at 06:16:19PM +0000, Ed W wrote:
> Hi, I have a desire to allow per user authentication, but my application 
> is on a small embedded appliance (which is mainly disconnected from the 
> internet) and I want to keep dependencies minimal (freeradius seems like 
> a large extra dependency?).  The user accounts are stored in a separate 
> database with passwords in an iterated blowfish format (bcrypt)
> Any suggestions on the simplest way to interface this with hostapd?

What mechanism do you use for authentication? WPA2-Enterprise with PEAP

> Seems like I could either look to some general hook to hostapd to call 
> some external app to do the auth check, or I could look at a very 
> lightweight custom radius server to interface to my DB (any 
> suggestions?  I have perl on this box)

You could use either another small RADIUS authentication server
implementation or modify the one included in hostapd. In either case, I
would recommend running this as a separate process to avoid blocking
hostapd for any external operation to avoid problems with things like
Probe Request processing that really should not be blocked for any extra

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list