diff options
Diffstat (limited to 'contrib/wpa/wpa_supplicant/doc/docbook/wpa_supplicant.conf.5')
| -rw-r--r-- | contrib/wpa/wpa_supplicant/doc/docbook/wpa_supplicant.conf.5 | 225 |
1 files changed, 0 insertions, 225 deletions
diff --git a/contrib/wpa/wpa_supplicant/doc/docbook/wpa_supplicant.conf.5 b/contrib/wpa/wpa_supplicant/doc/docbook/wpa_supplicant.conf.5 deleted file mode 100644 index 6f57aa0..0000000 --- a/contrib/wpa/wpa_supplicant/doc/docbook/wpa_supplicant.conf.5 +++ /dev/null @@ -1,225 +0,0 @@ -.\" This manpage has been automatically generated by docbook2man -.\" from a DocBook document. This tool can be found at: -.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> -.\" Please send any bug reports, improvements, comments, patches, -.\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "WPA_SUPPLICANT.CONF" "5" "12 January 2013" "" "" - -.SH NAME -wpa_supplicant.conf \- configuration file for wpa_supplicant -.SH "OVERVIEW" -.PP -\fBwpa_supplicant\fR is configured using a text -file that lists all accepted networks and security policies, -including pre-shared keys. See the example configuration file, -probably in \fB/usr/share/doc/wpa_supplicant/\fR, for -detailed information about the configuration format and supported -fields. -.PP -All file paths in this configuration file should use full -(absolute, not relative to working directory) path in order to allow -working directory to be changed. This can happen if wpa_supplicant is -run in the background. -.PP -Changes to configuration file can be reloaded be sending -SIGHUP signal to \fBwpa_supplicant\fR ('killall -HUP -wpa_supplicant'). Similarly, reloading can be triggered with -the \fBwpa_cli reconfigure\fR command. -.PP -Configuration file can include one or more network blocks, -e.g., one for each used SSID. wpa_supplicant will automatically -select the best network based on the order of network blocks in -the configuration file, network security level (WPA/WPA2 is -preferred), and signal strength. -.SH "QUICK EXAMPLES" -.TP 3 -1. -WPA-Personal (PSK) as home network and WPA-Enterprise with -EAP-TLS as work network. -.sp -.RS - -.nf -# allow frontend (e.g., wpa_cli) to be used by all users in 'wheel' group -ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel -# -# home network; allow all valid ciphers -network={ - ssid="home" - scan_ssid=1 - key_mgmt=WPA-PSK - psk="very secret passphrase" -} -# -# work network; use EAP-TLS with WPA; allow only CCMP and TKIP ciphers -network={ - ssid="work" - scan_ssid=1 - key_mgmt=WPA-EAP - pairwise=CCMP TKIP - group=CCMP TKIP - eap=TLS - identity="user@example.com" - ca_cert="/etc/cert/ca.pem" - client_cert="/etc/cert/user.pem" - private_key="/etc/cert/user.prv" - private_key_passwd="password" -} -.fi -.RE -.TP 3 -2. -WPA-RADIUS/EAP-PEAP/MSCHAPv2 with RADIUS servers that -use old peaplabel (e.g., Funk Odyssey and SBR, Meetinghouse -Aegis, Interlink RAD-Series) -.sp -.RS - -.nf -ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel -network={ - ssid="example" - scan_ssid=1 - key_mgmt=WPA-EAP - eap=PEAP - identity="user@example.com" - password="foobar" - ca_cert="/etc/cert/ca.pem" - phase1="peaplabel=0" - phase2="auth=MSCHAPV2" -} -.fi -.RE -.TP 3 -3. -EAP-TTLS/EAP-MD5-Challenge configuration with anonymous -identity for the unencrypted use. Real identity is sent only -within an encrypted TLS tunnel. -.sp -.RS - -.nf -ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel -network={ - ssid="example" - scan_ssid=1 - key_mgmt=WPA-EAP - eap=TTLS - identity="user@example.com" - anonymous_identity="anonymous@example.com" - password="foobar" - ca_cert="/etc/cert/ca.pem" - phase2="auth=MD5" -} -.fi -.RE -.TP 3 -4. -IEEE 802.1X (i.e., no WPA) with dynamic WEP keys -(require both unicast and broadcast); use EAP-TLS for -authentication -.sp -.RS - -.nf -ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel -network={ - ssid="1x-test" - scan_ssid=1 - key_mgmt=IEEE8021X - eap=TLS - identity="user@example.com" - ca_cert="/etc/cert/ca.pem" - client_cert="/etc/cert/user.pem" - private_key="/etc/cert/user.prv" - private_key_passwd="password" - eapol_flags=3 -} -.fi -.RE -.TP 3 -5. -Catch all example that allows more or less all -configuration modes. The configuration options are used based -on what security policy is used in the selected SSID. This is -mostly for testing and is not recommended for normal -use. -.sp -.RS - -.nf -ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel -network={ - ssid="example" - scan_ssid=1 - key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE - pairwise=CCMP TKIP - group=CCMP TKIP WEP104 WEP40 - psk="very secret passphrase" - eap=TTLS PEAP TLS - identity="user@example.com" - password="foobar" - ca_cert="/etc/cert/ca.pem" - client_cert="/etc/cert/user.pem" - private_key="/etc/cert/user.prv" - private_key_passwd="password" - phase1="peaplabel=0" - ca_cert2="/etc/cert/ca2.pem" - client_cert2="/etc/cer/user.pem" - private_key2="/etc/cer/user.prv" - private_key2_passwd="password" -} -.fi -.RE -.TP 3 -6. -Authentication for wired Ethernet. This can be used with -\fBwired\fR or \fBroboswitch\fR interface -(-Dwired or -Droboswitch on command line). -.sp -.RS - -.nf -ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel -ap_scan=0 -network={ - key_mgmt=IEEE8021X - eap=MD5 - identity="user" - password="password" - eapol_flags=0 -} -.fi -.RE -.SH "CERTIFICATES" -.PP -Some EAP authentication methods require use of -certificates. EAP-TLS uses both server side and client -certificates whereas EAP-PEAP and EAP-TTLS only require the server -side certificate. When client certificate is used, a matching -private key file has to also be included in configuration. If the -private key uses a passphrase, this has to be configured in -wpa_supplicant.conf ("private_key_passwd"). -.PP -wpa_supplicant supports X.509 certificates in PEM and DER -formats. User certificate and private key can be included in the -same file. -.PP -If the user certificate and private key is received in -PKCS#12/PFX format, they need to be converted to suitable PEM/DER -format for wpa_supplicant. This can be done, e.g., with following -commands: -.sp -.RS - -.nf -# convert client certificate and private key to PEM format -openssl pkcs12 -in example.pfx -out user.pem -clcerts -# convert CA certificate (if included in PFX file) to PEM format -openssl pkcs12 -in example.pfx -out ca.pem -cacerts -nokeys -.fi -.RE -.SH "SEE ALSO" -.PP -\fBwpa_supplicant\fR(8) -\fBopenssl\fR(1) |
