Using hostap components for radius authentication
Nicolas Goy
kuon at goyman.com
Tue Jul 21 10:32:02 EDT 2020
Hello,
I need to write a standalone binary to authenticate users with a RADIUS server, I need to support EAP-TLS and PEAP. I also need to read RADIUS VSA if the auth is successful. It must be cross platform (linux+windows).
After many researchs, I feel like hostap/wpa_supplicant source has what I need to make this, but I'm a bit lost.
The binary would be used like ./radius_auth -c auth.conf jon password
In the conf file, there would be servers ip (for load balancing), shared secret and client certificate.
I tested eapol_test, and it works with my test server, now I looked into eapol_test.c and it looks similar to what I need, but it seems to do a lot.
I also looked into radius_example.c which seems more like the "minimal example" I need, but I cannot tell if this example would support TLS. When I test it it just communicate in plain text.
What would be the minimal code structure? Do you have other example I could read? I could start with eapol_test.c and remove what I don't need, but there is still so much I do not understand.
Finally, I am a bit confused with all those different standard, I also discovered Radsec which seems a TCP based thing. Do you know a good a good read to get a better grasp of the messages flow and whole architecture?
Thanks
--
Nicolas Goy
Programmer
https://www.kuon.ch
Goyman SA
https://www.goyman.com
More information about the Hostap
mailing list