> Radius w/ TTLS WPA2 is a niche, believe me or not,
>outside of universities, only one paranoid person I know actually uses
>it, so maybe you should be aware of the core guidelines OpenSolaris
>has to follow and the tasks at hand to make it even semi-usable for
>non-enthusiasts.
Yes, but it seems that the code we base our wpa_supplicant on does
support the features listed below in the README.
So I am wondering what is needed in (Open)Solaris to support
the remainder of these?
Is it:
- support in each and every wireless driver?
- support in a common kernel module?
- some additional porting required for wpa_supplicant?
or a combination of the three?
Features
--------
Supported WPA/IEEE 802.11i features:
- WPA-PSK ("WPA-Personal")
- WPA with EAP (e.g., with RADIUS authentication server) ("WPA-Enterprise")
Following authentication methods are supported with an integrate IEEE 802.1X
Supplicant:
* EAP-TLS
* EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1)
* EAP-PEAP/TLS (both PEAPv0 and PEAPv1)
* EAP-PEAP/GTC (both PEAPv0 and PEAPv1)
* EAP-PEAP/OTP (both PEAPv0 and PEAPv1)
* EAP-PEAP/MD5-Challenge (both PEAPv0 and PEAPv1)
* EAP-TTLS/EAP-MD5-Challenge
* EAP-TTLS/EAP-GTC
* EAP-TTLS/EAP-OTP
* EAP-TTLS/EAP-MSCHAPv2
* EAP-TTLS/EAP-TLS
* EAP-TTLS/MSCHAPv2
* EAP-TTLS/MSCHAP
* EAP-TTLS/PAP
* EAP-TTLS/CHAP
* EAP-SIM
* LEAP (note: only with WEP keys, i.e., not for WPA; in addition, LEAP
requires special support from the driver for IEEE 802.11
authentication)
(following methods are supported, but since they do not generate keying
material, they cannot be used with WPA or IEEE 802.1X WEP keying)
* EAP-MD5-Challenge
* EAP-MSCHAPv2
* EAP-GTC
* EAP-OTP
Alternatively, an external program, e.g., Xsupplicant, can be used for EAP
authentication.
- key management for CCMP, TKIP, WEP104, WEP40
- RSN/WPA2 (IEEE 802.11i)
* pre-authentication
* PMKSA caching
Casper
