TNC: Added TNC server support into documentation and ChangeLogs

This commit is contained in:
Jouni Malinen 2008-03-09 12:14:15 +02:00
parent c80a74d70c
commit 502a293e30
6 changed files with 22 additions and 3 deletions

View file

@ -4,6 +4,10 @@ ChangeLog for hostapd
* added peer identity into EAP-FAST PAC-Opaque and skip Phase 2 * added peer identity into EAP-FAST PAC-Opaque and skip Phase 2
Identity Request if identity is already known Identity Request if identity is already known
* added support for EAP Sequences in EAP-FAST Phase 2 * added support for EAP Sequences in EAP-FAST Phase 2
* added support for EAP-TNC (Trusted Network Connect)
(this version implements the EAP-TNC method and EAP-TTLS/EAP-FAST
changes needed to run two methods in sequence (IF-T) and the IF-IMV
and IF-TNCCS interfaces from TNCS)
2008-02-22 - v0.6.3 2008-02-22 - v0.6.3
* fixed Reassociation Response callback processing when using internal * fixed Reassociation Response callback processing when using internal

View file

@ -101,6 +101,9 @@ CONFIG_EAP_TTLS=y
# EAP-IKEv2 # EAP-IKEv2
#CONFIG_EAP_IKEV2=y #CONFIG_EAP_IKEV2=y
# Trusted Network Connect (EAP-TNC)
#CONFIG_EAP_TNC=y
# PKCS#12 (PFX) support (used to read private key and certificate file from # PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx) # a file that usually has extension .p12 or .pfx)
CONFIG_PKCS12=y CONFIG_PKCS12=y

View file

@ -49,6 +49,7 @@ EAP-TTLS/EAP-MSCHAPv2 + + - - -
EAP-TTLS/EAP-TLS + F - - - EAP-TTLS/EAP-TLS + F - - -
EAP-TTLS/EAP-SIM + + - - - EAP-TTLS/EAP-SIM + + - - -
EAP-TTLS/EAP-AKA + + - - - EAP-TTLS/EAP-AKA + + - - -
EAP-TTLS + TNC + - - - -
EAP-SIM + + - - + EAP-SIM + + - - +
EAP-AKA + + - - - EAP-AKA + + - - -
EAP-PAX + - - - - EAP-PAX + - - - -
@ -67,7 +68,9 @@ EAP-FAST/MD5(auth) + - + - -
EAP-FAST/TLS(auth) + - - - - EAP-FAST/TLS(auth) + - - - -
EAP-FAST/SIM(auth) + - - - - EAP-FAST/SIM(auth) + - - - -
EAP-FAST/AKA(auth) + - - - - EAP-FAST/AKA(auth) + - - - -
EAP-FAST + TNC + - - - -
EAP-IKEv2 + - - - - EAP-IKEv2 + - - - -
EAP-TNC + - - - -
1) EAP-TLS itself worked, but peer certificate validation failed at 1) EAP-TLS itself worked, but peer certificate validation failed at
least when using the internal TLS server (peer included incorrect least when using the internal TLS server (peer included incorrect

View file

@ -490,6 +490,12 @@ eap_server=0
# (default: 0 = disabled). # (default: 0 = disabled).
#eap_sim_aka_result_ind=1 #eap_sim_aka_result_ind=1
# Trusted Network Connect (TNC)
# If enabled, TNC validation will be required before the peer is allowed to
# connect. Note: This is only used with EAP-TTLS and EAP-FAST. If any other
# EAP method is enabled, the peer will be allowed to connect without TNC.
#tnc=1
##### IEEE 802.11f - Inter-Access Point Protocol (IAPP) ####################### ##### IEEE 802.11f - Inter-Access Point Protocol (IAPP) #######################

View file

@ -91,6 +91,7 @@ EAP-TTLS/EAP-PSK - - - - - - - - - - + -
EAP-TTLS/EAP-PAX - - - - - - - - - - + - EAP-TTLS/EAP-PAX - - - - - - - - - - + -
EAP-TTLS/EAP-SAKE - - - - - - - - - - + - EAP-TTLS/EAP-SAKE - - - - - - - - - - + -
EAP-TTLS/EAP-GPSK - - - - - - - - - - + - EAP-TTLS/EAP-GPSK - - - - - - - - - - + -
EAP-TTLS + TNC - - - - - + - - - - + -
EAP-SIM + - - ? - + - ? - - + - EAP-SIM + - - ? - + - ? - - + -
EAP-AKA - - - - - + - - - - + - EAP-AKA - - - - - + - - - - + -
EAP-PSK +7 - - - - + - - - - + - EAP-PSK +7 - - - - + - - - - + -
@ -110,8 +111,9 @@ EAP-FAST/MD5(auth) - - - - - - - - - - + -
EAP-FAST/TLS(auth) - - - - - - - - - - + + EAP-FAST/TLS(auth) - - - - - - - - - - + +
EAP-FAST/SIM(auth) - - - - - - - - - - + - EAP-FAST/SIM(auth) - - - - - - - - - - + -
EAP-FAST/AKA(auth) - - - - - - - - - - + - EAP-FAST/AKA(auth) - - - - - - - - - - + -
EAP-FAST + TNC - - - - - - - - - - + -
LEAP + - + + + + F +6 - + - + LEAP + - + + + + F +6 - + - +
EAP-TNC +9 - - - - + - - - - - - EAP-TNC +9 - - - - + - - - - + -
EAP-IKEv2 +10 - - - - - - - - - + - EAP-IKEv2 +10 - - - - - - - - - + -
1) PEAPv1 required new label, "client PEAP encryption" instead of "client EAP 1) PEAPv1 required new label, "client PEAP encryption" instead of "client EAP

View file

@ -3,7 +3,7 @@
<head> <head>
<title>hostapd: IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator</title> <title>hostapd: IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator</title>
<meta name="description" content="hostapd (IEEE 802.1X, WPA, WPA2, RSN, IEEE 802.11i Authenticator and RADIUS authentication server)"> <meta name="description" content="hostapd (IEEE 802.1X, WPA, WPA2, RSN, IEEE 802.11i Authenticator and RADIUS authentication server)">
<meta name="keywords" content="WPA, WPA2, IEEE 802.11i, IEEE 802.1X, WPA Authenticator, hostapd, TKIP, CCMP, EAP-PEAP, EAP-TLS, EAP-TTLS, EAP-SIM, EAP-AKA, EAP-GTC, EAP-MSCHAPv2, EAP-MD5, EAP-PAX, EAP-PSK, EAP-FAST, IEEE 802.1X Supplicant, IEEE 802.1aa, EAPOL, RSN, pre-authentication, PMKSA caching, BSD WPA Authenticator, FreeBSD WPA Authenticator, RADIUS authentication server, EAP authenticator, EAP server"> <meta name="keywords" content="WPA, WPA2, IEEE 802.11i, IEEE 802.1X, WPA Authenticator, hostapd, TKIP, CCMP, EAP-PEAP, EAP-TLS, EAP-TTLS, EAP-SIM, EAP-AKA, EAP-GTC, EAP-MSCHAPv2, EAP-MD5, EAP-PAX, EAP-PSK, EAP-FAST, IEEE 802.1X Supplicant, IEEE 802.1aa, EAPOL, RSN, pre-authentication, PMKSA caching, BSD WPA Authenticator, FreeBSD WPA Authenticator, RADIUS authentication server, EAP authenticator, EAP server, EAP-TNC, TNCS, IF-IMV, IF-TNCCS">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head> </head>
@ -68,6 +68,7 @@ material, they cannot be used with WPA or IEEE 802.1X WEP keying.</p>
<li>EAP-MD5-Challenge</li> <li>EAP-MD5-Challenge</li>
<li>EAP-MSCHAPv2</li> <li>EAP-MSCHAPv2</li>
<li>EAP-GTC</li> <li>EAP-GTC</li>
<li>EAP-TNC (Trusted Network Connect; TNCS, IF-IMV, IF-T, IF-TNCCS)</li>
</ul> </ul>
<p>More information about EAP methods and interoperability testing is <p>More information about EAP methods and interoperability testing is
@ -265,7 +266,7 @@ Internet Systems Consortium (ISC).
<address><a href="mailto:j@w1.fi">Jouni Malinen</a></address> <address><a href="mailto:j@w1.fi">Jouni Malinen</a></address>
<!-- Created: Sun Jan 2 17:20:17 PST 2005 --> <!-- Created: Sun Jan 2 17:20:17 PST 2005 -->
<!-- hhmts start --> <!-- hhmts start -->
Last modified: Sat Feb 23 15:47:24 PST 2008 Last modified: Sun Mar 9 12:12:08 EET 2008
<!-- hhmts end --> <!-- hhmts end -->
</div> </div>
</body> </body>