authorJouni Malinen <jouni@codeaurora.org>2019-07-31 21:02:02 (GMT)
committerJouni Malinen <j@w1.fi>2019-08-01 07:36:11 (GMT)
commit6bb11c7a405616de9a2b3af395117ebe7bdc7047 (patch)
tree18da671f57314bee1c5d7e6614b146d3722de16c /hostapd
parentc1b2365214beacd834811fad2774e03177e008ce (diff)
EAP-SIM/AKA server: Allow pseudonym/fast reauth to be disabled
The new hostapd configuration option eap_sim_id can now be used to disable use of pseudonym and/or fast reauthentication with EAP-SIM, EAP-AKA, and EAP-AKA'. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Diffstat (limited to 'hostapd')
-rw-r--r--hostapd/config_file.c2
-rw-r--r--hostapd/hostapd.conf7
2 files changed, 9 insertions, 0 deletions
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 1f2c565..e09e6e1 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2629,6 +2629,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
bss->eap_sim_db_timeout = atoi(pos);
} else if (os_strcmp(buf, "eap_sim_aka_result_ind") == 0) {
bss->eap_sim_aka_result_ind = atoi(pos);
+ } else if (os_strcmp(buf, "eap_sim_id") == 0) {
+ bss->eap_sim_id = atoi(pos);
#endif /* EAP_SERVER_SIM */
#ifdef EAP_SERVER_TNC
} else if (os_strcmp(buf, "tnc") == 0) {
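Review bot: The new `eap_sim_id` branch stores `atoi(pos)` without checking it against the 0-3 range documented in hostapd.conf, so a typo or non-numeric value parses as 0 and silently disables both pseudonyms and fast reauthentication. Because pseudonyms are the identity-privacy mechanism for these methods, a malformed value should fail configuration loading rather than quietly fall back to the least private setting. Something like `int val = atoi(pos);` then `if (val < 0 || val > 3) return 1;` before `bss->eap_sim_id = val;` would do, with an error log line matching whatever convention the rest of this function uses (not visible here). How values above 3 are interpreted is decided in code outside this diff, so their effect is unknown from this page. hostapd_config_fill starts and ends outside the hunk.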
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 5138aee..ce3ecdd 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1205,6 +1205,13 @@ eap_server=0
# (default: 0 = disabled).
#eap_sim_aka_result_ind=1
+# EAP-SIM and EAP-AKA identity options
+# 0 = do not use pseudonyms or fast reauthentication
+# 1 = use pseudonyms, but not fast reauthentication
+# 2 = do not use pseudonyms, but use fast reauthentication
+# 3 = use pseudonyms and use fast reauthentication (default)
+#eap_sim_id=3
+
# Trusted Network Connect (TNC)
# If enabled, TNC validation will be required before the peer is allowed to
# connect. Note: This is only used with EAP-TTLS and EAP-FAST. If any other
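Review bot: The new comment block for `eap_sim_id` lists the four values but does not say what an administrator gives up by choosing 0 or 2, and its heading names only EAP-SIM and EAP-AKA although the commit message also covers EAP-AKA'. I would extend the heading to `# EAP-SIM, EAP-AKA, and EAP-AKA' identity options` and add a line such as `# Note: without pseudonyms, the peer has to use its permanent identity for full authentication.` so the privacy trade-off is visible where the option is set. If the parser is changed to reject values outside 0-3, the comment should state that range as well.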