[RFC] [PATCHv1] Use radius supplied PSK / Passphrase for WPA-PSK

[Michael Braun]

Hi,

I wanted to use the per-device-PSK (WPA) feature in conjunction with a radius server that does the authorization checking and should supply the psk.
I found RouterOS to have a feature like this (Miktronik-Wireless-PSK or so radius attribute) but no source and a hint on this mailing list
that it should not be difficult to implement.
Please find a patch against git head attached that compiles fine and is currently under testing.

To use this, one needs to enable the macaddr_acl = RADIUS setting and have wpa_psk_radius=1.
For Freeradius, one needs to add 
 VENDOR          Hostapd        7492
 ATTRIBUTE       Hostapd-PSK          1    integer             Hostapd
 ATTRIBUTE       Hostapd-Passphrase          2    string             Hostapd
to the dictionary file and make sure that either Hostapd-Passphrase or Hostapd-PSK (the latter has higher priority) is in the radius reply.
The PSK should be supplied hex encoded, the passphrase is turned into a psk by hostapd.

Regards,
 M. Braun
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hostapd-add-radius-wsk.diff
Type: text/x-diff
Size: 12276 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20111129/392e0eb1/attachment-0001.diff