Hi Casper,
Casper.Dik at Sun.COM wrote:
> ...
> So I am wondering what is needed in (Open)Solaris to support
> the remainder of these?
>
> Is it:
> - support in each and every wireless driver?
> - support in a common kernel module?
>
With the putback of the project "PSARC 2006/046 Wireless WPA
Supplicant", the framework of WPA
has been integrated into Solaris build 64, it included: a new service
"network/wpa" is introduced, the
libdladm/dladm, gldv3/mac-wifi plugin, net80211 kernel module, ath
driver, and nwam have been enhanced
to support the WPA/WPA2.
At present, we have 5 drivers supporting WPA/WPA2: ath, iwi, wpi, ral,
iwk, and if a new driver want to support
WPA in future, it's very easy, just additional 2 lines codes will be okay.
>
> - some additional porting required for wpa_supplicant?
>
Yes, to support WPA-Enterprise, we need to implement the full IEEE802.1X
protocol to the wpa daemon, plus those
EAP methods, such as EAP-TLS, EAP-TTLS, ... etc. We need to enhance the
libdladm/dladm to support the
WPA-Enterprise configuration, nwam too. Since there are some sensitive
informations in WPA-Enterprise, like certificates,
usernames/passwords, etc, KMF is a must to do this.
Wifi drivers and gldv3/net80211 kernel modules needn't to be changed
when we go to the WPA-Enterprise..
Thanks,
--
Quaker
> or a combination of the three?
>
> Features
> --------
>
> Supported WPA/IEEE 802.11i features:
> - WPA-PSK ("WPA-Personal")
> - WPA with EAP (e.g., with RADIUS authentication server) ("WPA-Enterprise")
> Following authentication methods are supported with an integrate IEEE 802.1X
> Supplicant:
> * EAP-TLS
> * EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1)
> * EAP-PEAP/TLS (both PEAPv0 and PEAPv1)
> * EAP-PEAP/GTC (both PEAPv0 and PEAPv1)
> * EAP-PEAP/OTP (both PEAPv0 and PEAPv1)
> * EAP-PEAP/MD5-Challenge (both PEAPv0 and PEAPv1)
> * EAP-TTLS/EAP-MD5-Challenge
> * EAP-TTLS/EAP-GTC
> * EAP-TTLS/EAP-OTP
> * EAP-TTLS/EAP-MSCHAPv2
> * EAP-TTLS/EAP-TLS
> * EAP-TTLS/MSCHAPv2
> * EAP-TTLS/MSCHAP
> * EAP-TTLS/PAP
> * EAP-TTLS/CHAP
> * EAP-SIM
> * LEAP (note: only with WEP keys, i.e., not for WPA; in addition, LEAP
> requires special support from the driver for IEEE 802.11
> authentication)
> (following methods are supported, but since they do not generate keying
> material, they cannot be used with WPA or IEEE 802.1X WEP keying)
> * EAP-MD5-Challenge
> * EAP-MSCHAPv2
> * EAP-GTC
> * EAP-OTP
> Alternatively, an external program, e.g., Xsupplicant, can be used for EAP
> authentication.
> - key management for CCMP, TKIP, WEP104, WEP40
> - RSN/WPA2 (IEEE 802.11i)
> * pre-authentication
> * PMKSA caching
>
>
>
> Casper
> _______________________________________________
> laptop-discuss mailing list
> laptop-discuss at opensolaris.org
>
