
cat-users - Re: [[cat-users]] security fix clear text password in linux script eduroam

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)





  • From: "Rademaker,Hans J.G." <h.rademaker AT fontys.nl>
  • To: Stefan Winter <stefan.winter AT restena.lu>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
  • Cc: "Visser,Ramon R.D." <r.visser AT fontys.nl>
  • Subject: Re: [[cat-users]] security fix clear text password in linux script eduroam
  • Date: Mon, 18 Dec 2017 21:14:04 +0000
  • Accept-language: en-GB, en-US

Hello Stefan,

The man page is a very short summary. And it does not say it's not suitable
for passwords either. It only seems to hash the authentication input; whether
it is a PSK or a password seems irrelevant to my logical reasoning, but hey,
that's only me.

I have been using it for some years now, at Fontys. With eduroam, and before
that with our Fontys ESSID, which is configured the same way as eduroam is.
But don't throw it out in the open on only my account; it still needs to be
tested at your end.


And looking at your man page I stumbled over a familiar link:

https://wiki.archlinux.org/index.php/WPA_supplicant
and then at the end of the article starting from "Password-related problems"

There it is advised to use wpa_cli. So there is a more reliable method. I can
see if I can script something, but probably not before February. I'll get
back to you if I have something.


And reading a bit further:

Ensure that your config uses
phase2="auth=MSCHAPV2"

Maybe have a look at line 381?


Kind regards,
<http://www.fontys.nl/>

Hans Rademaker • IT Services • Fontys Hogescholen
I do not work on Fridays • 0885073070
Manuals and useful links:
Manuals<https://connect.fontys.nl/diensten/IT/handleidingen> •
Classrooms<https://connect.fontys.nl/diensten/IT/handleidingen/Paginas/Audio_visuele_middelen.aspx>
• Office Help<https://support.office.com/nl-be> •
Web shop<https://connect.fontys.nl/diensten/IT/it-webwinkel> •
Outages<https://allesoverict.fontys.nl/pages/StoringenOnderhoud.aspx> •
Office365 Training<https://support.office.com/nl-nl/article/Office-trainingscentrum-b8f02f81-ec85-4493-a39b-4c48e6bc4bfb?ui=nl-NL&rs=nl-NL&ad=NL>


On 18-12-17 16:46, Stefan Winter wrote:

Hi,

> A colleague of mine has made a suggestion for a more secure Linux
> configuration in case the first option, based on a Python script, fails.
>
> I tried to translate his explanation: in case the first method fails, the
> tool starts a second procedure with shell scripting.
>
> With this method the password is stored in plaintext in the
> wpa_supplicant config file. Users are informed about this during the
> installation.
>
> According to my colleague there is a standard tool included in the
> wpa_supplicant suite which can hash the password, the component
> "wpa_passphrase".
>
> This has been added in lines 407 and 420 of the attachment.

This doesn't look correct to me: the manpage of wpa_passphrase speaks of
WPA2-PSK and not about user passwords:

man 8 wpa_passphrase:

wpa_passphrase - Generate a WPA PSK from an ASCII passphrase for a SSID

> Can this be helpful for the developers?

If it were assured that this function actually works with user
passwords, not PSKs, then maybe.

What makes you think so? Does this really *work*?

Greetings,

Stefan Winter



==========================================================
The following conditions apply to this e-mail: http://www.fontys.nl/disclaimer
The above disclaimer applies to this e-mail message.
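As an added example (mine, not code from this thread, from CAT or from wpa_supplicant) of what wpa_passphrase actually computes: the WPA2-Personal PSK as PBKDF2-HMAC-SHA1 over the passphrase salted with the SSID, checked against the IEEE 802.11i reference vector, next to a scan of a wpa_supplicant block for secrets still stored in plaintext, including the '#psk=' comment line wpa_passphrase itself leaves behind. The eduroam network block is constructed sample input, not CAT's output.

```python
import hashlib
import re

def wpa_psk(ssid: str, passphrase: str) -> str:
    """Derive the WPA/WPA2-Personal PSK exactly as wpa_passphrase(8) does:
    PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 256-bit output).
    The SSID is part of the derivation, so one passphrase gives a different
    PSK on every network; the result is a WPA pairwise master key, not a
    hash of an EAP user password that a RADIUS server could verify."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32).hex()

def wpa_passphrase_block(ssid: str, passphrase: str) -> str:
    """Reproduce the network={...} block wpa_passphrase prints. Note that
    the tool keeps the plaintext passphrase in a '#psk=' comment line."""
    return (f'network={{\n\tssid="{ssid}"\n\t#psk="{passphrase}"\n'
            f'\tpsk={wpa_psk(ssid, passphrase)}\n}}\n')

# Constructed sample of the EAP block the thread is about (not CAT's output):
# the plaintext user password is what the PEAP/MSCHAPv2 exchange needs.
EDUROAM_CONF = (
    'network={\n\tssid="eduroam"\n\tkey_mgmt=WPA-EAP\n\teap=PEAP\n'
    '\tidentity="user@example.org"\n\tpassword="s3cret-password"\n'
    '\tphase2="auth=MSCHAPV2"\n}\n'
)

# Quoted value => plaintext; a hex psk= line (the derived PSK) is not matched.
_PLAINTEXT = re.compile(r'^\s*#?\s*(psk|password)\s*=\s*"')

def plaintext_secrets(conf: str) -> list:
    """Return (line number, key) for each line of a wpa_supplicant config
    that still carries a quoted plaintext secret: psk="...", the '#psk='
    comment wpa_passphrase leaves behind, or an EAP password="..."."""
    hits = []
    for lineno, line in enumerate(conf.splitlines(), 1):
        m = _PLAINTEXT.match(line)
        if m:
            hits.append((lineno, m.group(1)))
    return hits

if __name__ == "__main__":
    # IEEE 802.11i reference vector: passphrase "password", SSID "IEEE"
    print(wpa_psk("IEEE", "password"))
    print(wpa_passphrase_block("IEEE", "password"))
    print(plaintext_secrets(EDUROAM_CONF))
```

Because the PSK is bound to the SSID and serves as the WPA-Personal pairwise master key, it is not a form of the user's password that an EAP/MSCHAPv2 server could check, which is what the manpage wording in the thread is pointing at.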




