On Thu, Jan 03, 2019 at 08:16:08PM -0800, Carlito Nueno wrote: > Is there a way to point hostapd to a database for user authentication? For EAP authentication, yes, an SQLite database can be used (see eap_user_file in hostapd/hostapd.conf). > This is instead of using wpa_psk_file with MAC pairing on each access point. > > For example, each user is authenticated based on unique/individual password. Are you looking to do this based on MAC address and not username? And using WPA2-Personal (PSK)? If so, there is no such functionality to replace wpa_psk_file, but you might be able to use macaddr_acl=2 and wpa_psk_radius=2 to get the passphrase/PSK from a RADIUS server and then also run hostapd as the RADIUS server with an SQLite database. That said, this might not be fully supported currently due to the need for RADIUS Tunnel-Password attribute addition needing special rules that might be available only through the EAP user file, not SQLite databse. Anyway, this approach of using an external RADIUS server might be usable. I'm not sure what the use case would be for using WPA2-Personal with so many (or so dynamic) per-MAC-address passphrases to justify this type of complexity, though.. SAE with password identifiers might make more sense to support with a database of passwords, but for most cases, I'd go with EAP authentication and unique user names rather than MAC addresses. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
