path: root/contrib/hostapd/hostapd.eap_user
author sam <sam@FreeBSD.org> 2005-06-05 22:35:03 +0000
committer sam <sam@FreeBSD.org> 2005-06-05 22:35:03 +0000
commit 21e78f430e299464b3c902bec78f8daa1f0e2e71
tree a7d225a062cd128980707f3fa918dec2d015c46b /contrib/hostapd/hostapd.eap_user
Stripped down import of hostapd v0.3.7
Diffstat (limited to 'contrib/hostapd/hostapd.eap_user')
-rw-r--r-- contrib/hostapd/hostapd.eap_user 45
1 files changed, 45 insertions, 0 deletions
diff --git a/contrib/hostapd/hostapd.eap_user b/contrib/hostapd/hostapd.eap_user
new file mode 100644
index 0000000..529334a
--- /dev/null
+++ b/contrib/hostapd/hostapd.eap_user
@@ -0,0 +1,45 @@
+# hostapd user database for integrated EAP authenticator
+# Each line must contain an identity, EAP method(s), and an optional password
+# separated with whitespace (space or tab). The identity and password must be
+# double quoted ("user"). [2] flag in the end of the line can be used to mark
+# users for tunneled phase 2 authentication (e.g., within EAP-PEAP). In these
+# cases, an anonymous identity can be used in the unencrypted phase 1 and the
+# real user identity is transmitted only within the encrypted tunnel in phase
+# 2. If non-anonymous access is needed, two user entries is needed, one for
+# phase 1 and another with the same username for phase 2.
+#
+# EAP-TLS, EAP-PEAP, EAP-TTLS, and EAP-SIM do not use password option.
+# EAP-MD5, EAP-MSCHAPV2, and EAP-GTC require a password.
+# EAP-PEAP and EAP-TTLS require Phase 2 configuration.
+#
+# * can be used as a wildcard to match any user identity. The main purposes for
+# this are to set anonymous phase 1 identity for EAP-PEAP and EAP-TTLS and to
+# avoid having to configure every certificate for EAP-TLS authentication. The
+# first matching entry is selected, so * should be used as the last phase 1
+# user entry.
+#
+# Multiple methods can be configured to make the authenticator try them one by
+# one until the peer accepts one. The method names are separated with a
+# comma (,).
+#
+# [ver=0] and [ver=1] flags after EAP type PEAP can be used to force PEAP
+# version based on the Phase 1 identity. Without this flag, the EAP
+# authenticator advertises the highest supported version and select the version
+# based on the first PEAP packet from the supplicant.
+
+# Phase 1 users
+"user" MD5 "password"
+"test user" MD5 "secret"
+"example user" TLS
+"DOMAIN\user" MSCHAPV2 "password"
+"gtc user" GTC "password"
+"ttls" TTLS
+"not anonymous" PEAP
+* PEAP,TTLS,TLS,SIM
+
+# Phase 2 (tunnelled within EAP-PEAP or EAP-TTLS) users
+"t-md5" MD5 "password" [2]
+"DOMAIN\t-mschapv2" MSCHAPV2 "password" [2]
+"t-gtc" GTC "password" [2]
+"not anonymous" MSCHAPV2 "password" [2]
+"user" MD5,GTC,MSCHAPV2 "password" [2]
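Review bot: The entries under "# Phase 1 users" and "# Phase 2 (tunnelled within EAP-PEAP or EAP-TTLS) users" are live, uncommented accounts with well-known passwords ("password", "secret"), and the file is created with mode 100644, so an installation that copies this sample into place unchanged accepts those credentials and keeps them in a world-readable file. Consider commenting out the sample accounts (for example `#"user" MD5 "password"`) and adding a line to the header comment saying that the deployed file holds cleartext passwords and should be readable only by the user hostapd runs as. The catch-all `* PEAP,TTLS,TLS,SIM` line is also active; the header already explains that the first matching entry wins and that `*` belongs last among the phase 1 entries, but a short comment directly above that line would help anyone who later appends phase 1 users below it, where they would never be matched. Minor wording in the header comment: "two user entries is needed" should read "are needed", and "advertises the highest supported version and select the version" should read "selects".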