EAP/TLS and TTLS should be configured by default in HEAD. Not sure what
is done in RELENG_7. Regardless you can trivially rebuild hostapd w/
the functionality you want by definitions to your src.conf:
HOSTAPD_CFLAGS
HOSTAPD_DPADD
HOSTAPD_LDADD
(looks like you use WPA_SUPPLICANT_* knobs in RELENG_7, check
usr.sbin/wpa/hostapd/Makefile).
As to what should be enabled by default, I can only say that I tried to
choose the most common setup as the default. Choosing this
configuration also balances between bloat and inclusion of code that
might not be as well audited and/or tested as other code. Hence the
default setup used to be WPA-PSK only but has since grown to include
various EAP flavors. My assumption was that anyone building a system
using these tools would want to go through and choose what they wanted
anyway so enabling everything was a bad idea.
Sam
Vladimir Terziev wrote:
Hi Paul,
is there some special reason behind this? Why the server is made part of
the main distribution with stripped functionality ?
Also, how can i enable it ?
Thanks,
Vladimir
On Thu, 2009-06-18 at 13:55 +0300, Paul B. Mahol wrote:
On 6/18/09, Vladimir Terziev <vladim...@partygaming.com> wrote:
Hi,
i try to setup wireless access point at home, based on FreeBSD
7.2R-i386, ral(4) wireless card and hostpad(8).
I want my wireless AP to support 802.1x EAP-TLS/TTLS authentication.
I
issued a custom SSL certificate for the hostapd(8) and put the
following
directives in hostapd.conf:
eap_server=0
ca_cert=/usr/local/etc/myCA.crt.pem
server_cert=/usr/local/etc/hostapd.server.crt.pem
private_key=/usr/local/etc/hostapd.server.key.pem
private_key_passwd=some_pass
When i tried to start the hostapd(8) i got the following errors:
Line 15: unknown configuration item 'eap_server'
Line 16: unknown configuration item 'ca_cert'
Line 17: unknown configuration item 'server_cert'
Line 18: unknown configuration item 'private_key'
Line 19: unknown configuration item 'private_key_passwd'
Does the stock FreeBSD's hostapd(8) support 802.1X EAP-TLS/TTLS at
all
and if "not" why ?
802.1X EAP-TLS/TTLS is not enabled by default on FreeBSD's hostapd(8).
--
Paul
This email and any attachments are confidential, and may be legally privileged and protected by copyright. If you are not the intended recipient dissemination or copying of this email is prohibited. If you have received this in error, please notify the sender by replying by email and then delete the email completely from your system.
Any views or opinions are solely those of the sender. This communication is
not intended to form a binding contract unless expressly indicated to the
contrary and properly authorised. Any actions taken on the basis of this email
are at the recipient's own risk.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
