On 16/08/2015 08:11, Laurent Bercot wrote:
On 16/08/2015 06:53, Steve Litt wrote:
The toughest part is how to store the passwords in a way that isn't a
security problem.

 Unfortunately, /etc/wpa_supplicant.conf doesn't have an include feature
(which is strange, because hostapd supports a wpa_psk_file option).
So you have to store the passwords (or the equivalent binary PSKs) in the configuration file, and make this file readable only by root - which means
you need a small suid root binary to write the whole configuration file.

Password security isn't a problem that you can fix at the interface level, it's something that must be tightly integrated with the tool that uses the
password - and there's no doubt wpa_supplicant could do better here.


    wpa_supplicant.conf contains very little apart from the authentication
information for the various wifi stations, therefore there is little need to
put the passwords in different files.

Wpa_gui discovers the properties of the stations (crypting and authentication methods) and prompts you for the passwords. Then it passes all connection and
authentication information to wpa_supplicant, which stores them. I bet the
same is possible with wpa_cli and wpa_actions, which are packaged with
wpa_supplicant.

I have made my wpa_gui suid, but I just read the following in 'man wpa_cli':

# The control interface of wpa_supplicant can be configured to allow non-root user access
# (ctrl_interface GROUP= parameter in the configuration file). This makes it possible to run
# wpa_cli with a normal user account.

    Just 'adduser myself wifigroup'

    Didier

_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
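
An added example, not part of the thread and not code from wpa_supplicant: a small Python audit of the points discussed above (root-only file mode, passphrases or PSKs stored in the file, and the ctrl_interface GROUP= setting). The sample configuration and the function name `audit` are constructed for illustration.

```python
import re

# Constructed sample configuration (not from the thread); secrets are placeholders.
SAMPLE_CONF = """\
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wifigroup
update_config=1
network={
    ssid="example-net"
    psk="constructed-passphrase"
}
network={
    ssid="other-net"
    psk=%s
}
""" % ("ab" * 32)


def audit(conf_text, mode, uid):
    """Return (findings, ctrl_group) for a wpa_supplicant.conf body and its stat data."""
    findings = []
    # Drop blank lines and '#' comment lines.
    lines = [l.strip() for l in conf_text.splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    secrets = [l for l in lines if re.match(r"(psk|password|wep_key\d)=", l)]
    # Any group/other permission bit on a file holding secrets is a finding.
    if secrets and mode & 0o077:
        findings.append("file holds %d secret(s) but mode %o is open to group/other"
                        % (len(secrets), mode & 0o777))
    if uid != 0:
        findings.append("file is not owned by root (uid %d)" % uid)
    # A quoted psk is the passphrase itself; 64 hex digits is the derived PSK,
    # which is an equivalent secret and is covered by the mode check above.
    for l in secrets:
        if l.startswith('psk="'):
            findings.append("passphrase stored in clear text")
    # GROUP= on ctrl_interface (or the separate ctrl_interface_group key)
    # names the group allowed to use the control socket without root.
    group = None
    for l in lines:
        m = (re.match(r"ctrl_interface=.*\bGROUP=(\S+)", l)
             or re.match(r"ctrl_interface_group=(\S+)", l))
        if m:
            group = m.group(1)
    if group is None:
        findings.append("no control-interface group: wpa_cli/wpa_gui need root")
    return findings, group


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, 0o644, 0)[0]:
        print("-", finding)
```

To check a real file, pass its contents together with `os.stat(path).st_mode` and `st_uid`.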
