Fri Jul 10 13:41:14 PDT 2015
On Jul 10, 2015, at 4:31 PM, David Woodhouse <dwmw2 at infradead.org> wrote:
> Junos Pulse uses EAP (including EAP-TLS) over TNC IF-T (over TLS). I'd
> *really* like to avoid having to reinvent the wheel, and I'm looking
> longingly at the EAP implementation in wpa_supplicant.
> Is there any prospect of making it into a library that can be used by
> external projects? Or should I just plan on copying code from it?
Speaking only for myself, the code *should* be re-used. It's BSD licensed. Re-using it is *infinitely* better than writing your own EAP stack.
As someone who's done a lot of RADIUS, *please* don't write your own EAP stack. Most vendors who have done this get it wrong. Very, very, wrong. Please re-use the EAP code from wpa_supplicant. It works, it's clean, and it's portable.
As an application writer... the EAP code is designed to work with wpa_supplicant / hostapd, and not much else. I've looked at re-using the EAP library in FreeRADIUS. It's possible, but it doesn't expose all of the hooks, etc. needed for complex policies in a RADIUS server.