EAP-TTLS/EAP-TLS hostap configuration

Mr Dash Four mr.dash.four
Mon Nov 28 05:32:37 PST 2011


> The internal authentication server in hostapd is focusing more on small
> size than large set of functionality that could be more common in
> enterprise environments. Neither two different sets of server
> certificates nor matching of certificate attributes are supported.
>   
Thanks! Two more queries, if I may:
1) Should I at least assume that if I use hostapd as RADIUS, 
EAP-TTLS/EAP-TLS is supported, but only if I use one set of ca, server 
and user certificates/key?; and
2) If I do *not* use hostapd as authentication server (and use external 
RADIUS instead), wish to perform EAP-TTLS/EAP-TLS authentication, use 
two pairs of ca, server and user certificates/key then I presume all 
negotiations between the (wireless) client and RADIUS are passed to 
RADIUS by hostapd, thus allowing authentication process to be concluded, 
is that correct (I am also assuming that hostapd is installed on the 
AP/NAS)?

Many thanks for your input Jouni, much appreciated!



More information about the Hostap mailing list