TNC: Added TNC server support into documentation and ChangeLogs
This commit is contained in:
Jouni Malinen
parent
c80a74d70c
commit
502a293e30
|
|
@ -4,6 +4,10 @@ ChangeLog for hostapd
|
||||||
* added peer identity into EAP-FAST PAC-Opaque and skip Phase 2
|
* added peer identity into EAP-FAST PAC-Opaque and skip Phase 2
|
||||||
Identity Request if identity is already known
|
Identity Request if identity is already known
|
||||||
* added support for EAP Sequences in EAP-FAST Phase 2
|
* added support for EAP Sequences in EAP-FAST Phase 2
|
||||||
|
* added support for EAP-TNC (Trusted Network Connect)
|
||||||
|
(this version implements the EAP-TNC method and EAP-TTLS/EAP-FAST
|
||||||
|
changes needed to run two methods in sequence (IF-T) and the IF-IMV
|
||||||
|
and IF-TNCCS interfaces from TNCS)
|
||||||
|
|
||||||
2008-02-22 - v0.6.3
|
2008-02-22 - v0.6.3
|
||||||
* fixed Reassociation Response callback processing when using internal
|
* fixed Reassociation Response callback processing when using internal
|
||||||
|
|
|
||||||
|
|
@ -101,6 +101,9 @@ CONFIG_EAP_TTLS=y
|
||||||
# EAP-IKEv2
|
# EAP-IKEv2
|
||||||
#CONFIG_EAP_IKEV2=y
|
#CONFIG_EAP_IKEV2=y
|
||||||
|
|
||||||
|
# Trusted Network Connect (EAP-TNC)
|
||||||
|
#CONFIG_EAP_TNC=y
|
||||||
|
|
||||||
# PKCS#12 (PFX) support (used to read private key and certificate file from
|
# PKCS#12 (PFX) support (used to read private key and certificate file from
|
||||||
# a file that usually has extension .p12 or .pfx)
|
# a file that usually has extension .p12 or .pfx)
|
||||||
CONFIG_PKCS12=y
|
CONFIG_PKCS12=y
|
||||||
|
|
|
||||||
|
|
@ -49,6 +49,7 @@ EAP-TTLS/EAP-MSCHAPv2 + + - - -
|
||||||
EAP-TTLS/EAP-TLS + F - - -
|
EAP-TTLS/EAP-TLS + F - - -
|
||||||
EAP-TTLS/EAP-SIM + + - - -
|
EAP-TTLS/EAP-SIM + + - - -
|
||||||
EAP-TTLS/EAP-AKA + + - - -
|
EAP-TTLS/EAP-AKA + + - - -
|
||||||
|
EAP-TTLS + TNC + - - - -
|
||||||
EAP-SIM + + - - +
|
EAP-SIM + + - - +
|
||||||
EAP-AKA + + - - -
|
EAP-AKA + + - - -
|
||||||
EAP-PAX + - - - -
|
EAP-PAX + - - - -
|
||||||
|
|
@ -67,7 +68,9 @@ EAP-FAST/MD5(auth) + - + - -
|
||||||
EAP-FAST/TLS(auth) + - - - -
|
EAP-FAST/TLS(auth) + - - - -
|
||||||
EAP-FAST/SIM(auth) + - - - -
|
EAP-FAST/SIM(auth) + - - - -
|
||||||
EAP-FAST/AKA(auth) + - - - -
|
EAP-FAST/AKA(auth) + - - - -
|
||||||
|
EAP-FAST + TNC + - - - -
|
||||||
EAP-IKEv2 + - - - -
|
EAP-IKEv2 + - - - -
|
||||||
|
EAP-TNC + - - - -
|
||||||
|
|
||||||
1) EAP-TLS itself worked, but peer certificate validation failed at
|
1) EAP-TLS itself worked, but peer certificate validation failed at
|
||||||
least when using the internal TLS server (peer included incorrect
|
least when using the internal TLS server (peer included incorrect
|
||||||
|
|
|
||||||
|
|
@ -490,6 +490,12 @@ eap_server=0
|
||||||
# (default: 0 = disabled).
|
# (default: 0 = disabled).
|
||||||
#eap_sim_aka_result_ind=1
|
#eap_sim_aka_result_ind=1
|
||||||
|
|
||||||
|
# Trusted Network Connect (TNC)
|
||||||
|
# If enabled, TNC validation will be required before the peer is allowed to
|
||||||
|
# connect. Note: This is only used with EAP-TTLS and EAP-FAST. If any other
|
||||||
|
# EAP method is enabled, the peer will be allowed to connect without TNC.
|
||||||
|
#tnc=1
|
||||||
|
|
||||||
|
|
||||||
##### IEEE 802.11f - Inter-Access Point Protocol (IAPP) #######################
|
##### IEEE 802.11f - Inter-Access Point Protocol (IAPP) #######################
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -91,6 +91,7 @@ EAP-TTLS/EAP-PSK - - - - - - - - - - + -
|
||||||
EAP-TTLS/EAP-PAX - - - - - - - - - - + -
|
EAP-TTLS/EAP-PAX - - - - - - - - - - + -
|
||||||
EAP-TTLS/EAP-SAKE - - - - - - - - - - + -
|
EAP-TTLS/EAP-SAKE - - - - - - - - - - + -
|
||||||
EAP-TTLS/EAP-GPSK - - - - - - - - - - + -
|
EAP-TTLS/EAP-GPSK - - - - - - - - - - + -
|
||||||
|
EAP-TTLS + TNC - - - - - + - - - - + -
|
||||||
EAP-SIM + - - ? - + - ? - - + -
|
EAP-SIM + - - ? - + - ? - - + -
|
||||||
EAP-AKA - - - - - + - - - - + -
|
EAP-AKA - - - - - + - - - - + -
|
||||||
EAP-PSK +7 - - - - + - - - - + -
|
EAP-PSK +7 - - - - + - - - - + -
|
||||||
|
|
@ -110,8 +111,9 @@ EAP-FAST/MD5(auth) - - - - - - - - - - + -
|
||||||
EAP-FAST/TLS(auth) - - - - - - - - - - + +
|
EAP-FAST/TLS(auth) - - - - - - - - - - + +
|
||||||
EAP-FAST/SIM(auth) - - - - - - - - - - + -
|
EAP-FAST/SIM(auth) - - - - - - - - - - + -
|
||||||
EAP-FAST/AKA(auth) - - - - - - - - - - + -
|
EAP-FAST/AKA(auth) - - - - - - - - - - + -
|
||||||
|
EAP-FAST + TNC - - - - - - - - - - + -
|
||||||
LEAP + - + + + + F +6 - + - +
|
LEAP + - + + + + F +6 - + - +
|
||||||
EAP-TNC +9 - - - - + - - - - - -
|
EAP-TNC +9 - - - - + - - - - + -
|
||||||
EAP-IKEv2 +10 - - - - - - - - - + -
|
EAP-IKEv2 +10 - - - - - - - - - + -
|
||||||
|
|
||||||
1) PEAPv1 required new label, "client PEAP encryption" instead of "client EAP
|
1) PEAPv1 required new label, "client PEAP encryption" instead of "client EAP
|
||||||
|
|
|
||||||
|
|
@ -3,7 +3,7 @@
|
||||||
<head>
|
<head>
|
||||||
<title>hostapd: IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator</title>
|
<title>hostapd: IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator</title>
|
||||||
<meta name="description" content="hostapd (IEEE 802.1X, WPA, WPA2, RSN, IEEE 802.11i Authenticator and RADIUS authentication server)">
|
<meta name="description" content="hostapd (IEEE 802.1X, WPA, WPA2, RSN, IEEE 802.11i Authenticator and RADIUS authentication server)">
|
||||||
<meta name="keywords" content="WPA, WPA2, IEEE 802.11i, IEEE 802.1X, WPA Authenticator, hostapd, TKIP, CCMP, EAP-PEAP, EAP-TLS, EAP-TTLS, EAP-SIM, EAP-AKA, EAP-GTC, EAP-MSCHAPv2, EAP-MD5, EAP-PAX, EAP-PSK, EAP-FAST, IEEE 802.1X Supplicant, IEEE 802.1aa, EAPOL, RSN, pre-authentication, PMKSA caching, BSD WPA Authenticator, FreeBSD WPA Authenticator, RADIUS authentication server, EAP authenticator, EAP server">
|
<meta name="keywords" content="WPA, WPA2, IEEE 802.11i, IEEE 802.1X, WPA Authenticator, hostapd, TKIP, CCMP, EAP-PEAP, EAP-TLS, EAP-TTLS, EAP-SIM, EAP-AKA, EAP-GTC, EAP-MSCHAPv2, EAP-MD5, EAP-PAX, EAP-PSK, EAP-FAST, IEEE 802.1X Supplicant, IEEE 802.1aa, EAPOL, RSN, pre-authentication, PMKSA caching, BSD WPA Authenticator, FreeBSD WPA Authenticator, RADIUS authentication server, EAP authenticator, EAP server, EAP-TNC, TNCS, IF-IMV, IF-TNCCS">
|
||||||
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
|
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
|
||||||
</head>
|
</head>
|
||||||
|
|
||||||
|
|
@ -68,6 +68,7 @@ material, they cannot be used with WPA or IEEE 802.1X WEP keying.</p>
|
||||||
<li>EAP-MD5-Challenge</li>
|
<li>EAP-MD5-Challenge</li>
|
||||||
<li>EAP-MSCHAPv2</li>
|
<li>EAP-MSCHAPv2</li>
|
||||||
<li>EAP-GTC</li>
|
<li>EAP-GTC</li>
|
||||||
|
<li>EAP-TNC (Trusted Network Connect; TNCS, IF-IMV, IF-T, IF-TNCCS)</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
<p>More information about EAP methods and interoperability testing is
|
<p>More information about EAP methods and interoperability testing is
|
||||||
|
|
@ -265,7 +266,7 @@ Internet Systems Consortium (ISC).
|
||||||
<address><a href="mailto:j@w1.fi">Jouni Malinen</a></address>
|
<address><a href="mailto:j@w1.fi">Jouni Malinen</a></address>
|
||||||
<!-- Created: Sun Jan 2 17:20:17 PST 2005 -->
|
<!-- Created: Sun Jan 2 17:20:17 PST 2005 -->
|
||||||
<!-- hhmts start -->
|
<!-- hhmts start -->
|
||||||
Last modified: Sat Feb 23 15:47:24 PST 2008
|
Last modified: Sun Mar 9 12:12:08 EET 2008
|
||||||
<!-- hhmts end -->
|
<!-- hhmts end -->
|
||||||
</div>
|
</div>
|
||||||
</body>
|
</body>
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue