author | sam <sam@FreeBSD.org> | 2006-09-02 17:56:24 +0000 |
---|---|---|
committer | sam <sam@FreeBSD.org> | 2006-09-02 17:56:24 +0000 |
commit | ba5297eb2dafb5db8d4225023f2e8ec899bade0c (patch) | |
tree | ba01feb10adbd4b9b29d8dd94566489f5c828371 /usr.sbin/wpa | |
parent | 8c7fe5bd194ac00ad397f375c65dcc3235b9d172 (diff) | |
incorporate Rui Paulo's work
Obtained from: netbsd
Diffstat (limited to 'usr.sbin/wpa')
-rw-r--r-- | usr.sbin/wpa/hostapd/hostapd.conf.5 | 158 |
1 files changed, 156 insertions, 2 deletions
diff --git a/usr.sbin/wpa/hostapd/hostapd.conf.5 b/usr.sbin/wpa/hostapd/hostapd.conf.5 index 4631ead..c83d2a8 100644 --- a/usr.sbin/wpa/hostapd/hostapd.conf.5 +++ b/usr.sbin/wpa/hostapd/hostapd.conf.5 @@ -1,4 +1,5 @@ .\" Copyright (c) 2005 Sam Leffler <sam@errno.com> +.\" Copyright (c) 2006 Rui Paulo .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -24,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd June 16, 2005 +.Dd September 2, 2006 .Dt HOSTAPD.CONF 5 .Os .Sh NAME 
@@ -33,7 +34,160 @@ .Xr hostapd 8 utility .Sh DESCRIPTION -This is a placeholder for a real manual page. +The +.Xr hostapd 8 +utility +is an authenticator for IEEE 802.11 networks. +It provides full support for WPA/IEEE 802.11i and +can also act as an IEEE 802.1X Authenticator with a suitable +backend Authentication Server (typically +.Tn FreeRADIUS ) . +.Pp +The configuration file consists of global parameters and domain +specific configuration: +.Bl -bullet -offset indent -compact +.It +IEEE 802.1X-2004 +.\" XXX not yet +.\" .It +.\" Integrated EAP server +.\" .It +.\" IEEE 802.11f - Inter-Access Point Protocol (IAPP) +.It +RADIUS client +.It +RADIUS authentication server +.It +WPA/IEEE 802.11i +.El +.Sh GLOBAL PARAMETERS +The following parameters are recognized: +.Bl -tag -width indent +.It Va interface +Interface name. +Should be set in +.Dq hostap +mode. +.It Va debug +Debugging mode: 0 = no, 1 = minimal, 2 = verbose, 3 = msg dumps, 4 = +excessive. +.It Va dump_file +Dump file for state information (on SIGUSR1). +.It Va ctrl_interface +The pathname of the directory in which +.Xr hostapd 8 +creates +.Ux +domain socket files for communication +with frontend programs such as +.Xr hostapd_cli 8 . +.It Va ctrl_interface_group +A group name or group ID to use in setting protection on the +control interface file. +This can be set to allow non-root users to access the +control interface files. +If no group is specified, the group ID of the control interface +is not modified and will, typically, be the +group ID of the directory in which the socket is created. +.El +.Sh IEEE 802.1X-2004 PARAMETERS +The following parameters are recognized: +.Bl -tag -width indent +.It Va ieee8021x +Require IEEE 802.1X authorization. +.It Va eap_message +Optional displayable message sent with EAP Request-Identity. +.It Va wep_key_len_broadcast +Key lengths for broadcast keys. +.It Va wep_key_len_unicast +Key lengths for unicast keys. +.It Va wep_rekey_period +Rekeying period in seconds. 
+.It Va eapol_key_index_workaround +EAPOL-Key index workaround (set bit7) for WinXP Supplicant. +.It Va eap_reauth_period +EAP reauthentication period in seconds. +To disable reauthentication, +use +.Dq 0 . +.\" XXX not yet +.\" .It Va use_pae_group_addr +.El +.\" XXX not yet +.\" .Sh IEEE 802.11f - IAPP PARAMETERS +.\" The following parameters are recognized: +.\" .Bl -tag -width indent +.\" .It Va iapp_interface +.\" Interface to be used for IAPP broadcast packets +.\" .El +.Sh RADIUS CLIENT PARAMETERS +The following parameters are recognized: +.Bl -tag -width indent +.It Va own_ip_addr +The own IP address of the access point (used as NAS-IP-Address). +.It Va nas_identifier +Optional NAS-Identifier string for RADIUS messages. +.It Va auth_server_addr , auth_server_port , auth_server_shared_secret +RADIUS authentication server parameters. +Can be defined twice for secondary servers to be used if primary one +does not reply to RADIUS packets. +.It Va acct_server_addr , acct_server_port , acct_server_shared_secret +RADIUS accounting server parameters. +Can be defined twice for secondary servers to be used if primary one +does not reply to RADIUS packets. +.It Va radius_retry_primary_interval +Retry interval for trying to return to the primary RADIUS server (in +seconds). +.It Va radius_acct_interim_interval +Interim accounting update interval. +If this is set (larger than 0) and acct_server is configured, +.Xr hostapd 8 +will send interim accounting updates every N seconds. +.El +.Sh RADIUS AUTHENTICATION SERVER PARAMETERS +The following parameters are recognized: +.Bl -tag -width indent +.It Va radius_server_clients +File name of the RADIUS clients configuration for the RADIUS server. +If this is commented out, RADIUS server is disabled. +.It Va radius_server_auth_port +The UDP port number for the RADIUS authentication server. +.It Va radius_server_ipv6 +Use IPv6 with RADIUS server. 
+.El +.Sh WPA/IEEE 802.11i PARAMETERS +The following parameters are recognized: +.Bl -tag -width indent +.It Va wpa +Enable WPA. +Setting this variable configures the AP to require WPA (either +WPA-PSK or WPA-RADIUS/EAP based on other configuration). +.It Va wpa_psk , wpa_passphrase +WPA pre-shared keys for WPA-PSK. +This can be either entered as a 256-bit secret in hex format (64 hex +digits), wpa_psk, or as an ASCII passphrase (8..63 characters) that +will be converted to PSK. +This conversion uses SSID so the PSK changes when ASCII passphrase is +used and the SSID is changed. +.It Va wpa_psk_file +Optionally, WPA PSKs can be read from a separate text file (containing a +list of (PSK,MAC address) pairs. +.It Va wpa_key_mgmt +Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). +.It Va wpa_pairwise +Set of accepted cipher suites (encryption algorithms) for pairwise keys +(unicast packets). +See the example file for more information. +.It Va wpa_group_rekey +Time interval for rekeying GTK (broadcast/multicast encryption keys) in +seconds. +.It Va wpa_strict_rekey +Rekey GTK when any STA that possesses the current GTK is leaving the +BSS. +.It Va wpa_gmk_rekey +Time interval for rekeying GMK (master key used internally to generate GTKs +(in seconds). +.El .Sh SEE ALSO .Xr hostapd 8 , .Xr hostapd_cli 8 |
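Review bot: in the @@ -33,7 +34,160 @@ hunk, the entries for wpa_psk, wpa_passphrase, auth_server_shared_secret and acct_server_shared_secret document secrets that live in hostapd.conf, but nothing in the new text says the file should be readable only by root. Add a sentence to that effect under DESCRIPTION or in a FILES section. Under ctrl_interface_group, say what a member of the group can do through the control socket, since the entry only states that it "can be set to allow non-root users to access the control interface files". Two entries also leave a parenthesis open: wpa_psk_file reads "(containing a list of (PSK,MAC address) pairs." and wpa_gmk_rekey reads "(master key used internally to generate GTKs (in seconds)."; balance the parentheses in both. The wep_key_len_broadcast and wep_key_len_unicast entries say "Key lengths" without a unit or the accepted values, and the interface entry's "Should be set in hostap mode" would read more clearly as a statement about the operating mode the interface must be in.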