Layer2auth #1343
Open
Layer2auth #1343
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I've implemented layer 2 authentication in this pull request. The changes pertains to
pscheduler-test-dot1xandpscheduler-tool-umichwpa. Packaging rules have been configured accordingly. Major changes have been made to accommodate secure handling of user credentials to execute the command. In order to execute the task, SSID, interface, and key-management options are required. They are required because this information is essential to generating the config file for wpa_supplicant.In addition to taking in the most necessary parameters, an additional layer is added to check whether the username and password is supplied to the program. If username and password options are not supplied, a token option can be used to search for a corresponding line with matching identifier in the format of
<identifier> <username> <password>. The program would then take in username and password in the program.The program would initialize the wpa_supplicant interface if it doesn't already exist. After that, the program would rewrite the config file with new information regarding the login credentials. The program would then reconfigure the interface with the most up-to-date login credentials. However, the program can only auth to enterprise network (eg. eduroam) for now. In the future, key-management option may specify for an open network and config files can be generated separately.
After reconfiguration, the program would iteratively check for the
wpa_state. The authentication process is only completed once wpa_state is completed. If any state fails in between, the program would timeout and returns an error. Otherwise, the program would print the information when the state is completed.