802.1X - WPA enterprise mode not yet supported ?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

802.1X - WPA enterprise mode not yet supported ?

Christopher Zimmermann
Hi,

it just took me 2 hours to figure out that OpenBSD does not yet
support the WPA enterprise mode (aka 802.1X). Is this actually
true? If yes, please include the patch below to make this clear
in the man page.

I like the high quality of the OpenBSD manpages, but today I
really spent 2 hours searching where to put my certificates.


Christopher


Index: sbin/ifconfig/ifconfig.8
===================================================================
RCS file: /cvs/src/sbin/ifconfig/ifconfig.8,v
retrieving revision 1.202
diff -u -p -r1.202 ifconfig.8
--- sbin/ifconfig/ifconfig.8 28 May 2010 13:23:43 -0000 1.202
+++ sbin/ifconfig/ifconfig.8 28 Jun 2010 17:58:11 -0000
@@ -980,8 +980,8 @@ and
  .Ar psk
  authentication (also known as personal mode) uses a 256-bit pre-shared
key.
  .Ar 802.1x
-authentication (also known as enterprise mode) is meant to be used with
-an external IEEE 802.1X authentication server.
+authentication (also known as enterprise mode; not yet supported) is
meant to
+be used with an external IEEE 802.1X authentication server.
  The default value is
  .Dq psk .
  .Dq psk

Reply | Threaded
Open this post in threaded view
|

Re: 802.1X - WPA enterprise mode not yet supported ?

Jason McIntyre-2
On Mon, Jun 28, 2010 at 08:00:34PM +0200, Christopher Zimmermann wrote:
>
> it just took me 2 hours to figure out that OpenBSD does not yet
> support the WPA enterprise mode (aka 802.1X). Is this actually
> true? If yes, please include the patch below to make this clear
> in the man page.
>

yes, see ifconfig.8 cvs log -r1.55:

----------------------------
revision 1.155
date: 2008/04/16 18:32:15;  author: damien;  state: Exp;  lines: +137 -6
Kernel implementation of the 4-way handshake and group-key
handshake protocols (both supplicant and authenticator state
machines) as defined in the IEEE 802.11i standard.

Software implementation of the TKIP (Temporal Key Integrity
Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.

This diff doesn't implement any of the 802.1X authentication
protocols and thus only PSK authentication (using pre-shared
keys) is currently supported.

...
=============================================================================

i've updated the man page.
jmc