Using Xfinity's WPA-EAP hotspots

Dale R. Worley worley at
Thu May 4 12:00:18 PDT 2017

Some of Xfinity's hotspots service an SSID "XFINITY", which I gather is
properly secured using WPA-EAP.  (I have Xfinity service, so I should
have an account.)  So far, I have tracked down that it uses EAP-TTLS for
the first phase authentication and GTC for the second phase.  However,
beyond that, I know nothing.  My goal is to used these hotspots using a
Fedora Linux machine.

Ideally, someone out there has already worked out how to do this and the
instructions are available somewhere.

Failing that, I'm looking for any advice I can find, given that I'm not
at all familiar with WPA-EAP.  My understating is that EAP-TTLS is a
method by which the AP uses a certificate to authenticate itself to the
client, and seems to require that the client have a copy of the
corresponding public certificate.  The location of the public
certificate seems to be specifiable via wpa_supplicant configuration.

GTC seems to mean "generalized token card", which suggests that
something external to wpa_supplicant is needed to act as the token card.
The wpa_supplicant documentation says that GTC can be configured but
doesn't make clear how wpa_supplicant is connected to the token card.  I
also am not sure what Xfinity uses for token cards when you connect to
"XFINITY" with an Android or iPhone -- I suspect Xfinity's hooking-up
process installs an app to function as the token card.

Many thanks,


More information about the Hostap mailing list