Using Xfinity's WPA-EAP hotspots
Dale R. Worley
worley at alum.mit.edu
Thu May 4 12:00:18 PDT 2017
Some of Xfinity's hotspots service an SSID "XFINITY", which I gather is
properly secured using WPA-EAP. (I have Xfinity service, so I should
have an account.) So far, I have tracked down that it uses EAP-TTLS for
the first phase authentication and GTC for the second phase. However,
beyond that, I know nothing. My goal is to used these hotspots using a
Fedora Linux machine.
Ideally, someone out there has already worked out how to do this and the
instructions are available somewhere.
Failing that, I'm looking for any advice I can find, given that I'm not
at all familiar with WPA-EAP. My understating is that EAP-TTLS is a
method by which the AP uses a certificate to authenticate itself to the
client, and seems to require that the client have a copy of the
corresponding public certificate. The location of the public
certificate seems to be specifiable via wpa_supplicant configuration.
GTC seems to mean "generalized token card", which suggests that
something external to wpa_supplicant is needed to act as the token card.
The wpa_supplicant documentation says that GTC can be configured but
doesn't make clear how wpa_supplicant is connected to the token card. I
also am not sure what Xfinity uses for token cards when you connect to
"XFINITY" with an Android or iPhone -- I suspect Xfinity's hooking-up
process installs an app to function as the token card.
More information about the Hostap