[pkg-wpa-devel] Different configuration files for different users

Reinhard Tartler siretart at tauware.de
Tue Mar 28 14:18:31 UTC 2006 

On Thu, Mar 23, 2006 at 09:58:45AM +0100, Antonio Casado Rodríguez wrote:
> Different configuration files for different users
> 
> My department has a laptop, which is used by several persons. 
> [...]
> I need to have different configurations for each person.  How I 
> configure the system?
> 
> I have seen the possibility of:
> iface wlan0 inet dhcp
>  wpa-conf /home/user/.wpa/wpa_supplicant.conf
> 
> But that isn't automatic, i like something that:
> iface wlan0 inet dhcp
>  wpa-conf $HOME/.wpa/wpa_supplicant.conf   OR  wpa-conf  $WPA-CONF

This is tricky, because when ifupping an interface, what should $HOME
refert to? obviously not root, but how to know which user is currently
requesting to authenticate himself? The one that is currently logged in?
What do you do if there are several users logged in at the same time?

> I think in other possibility like ppp:
> 
> ctrl_interface=/var/run/wpa_supplicant
> eapol_version=1
> ap_scan=1
> fast_reauth=1
> network={
> ssid="xxx"
> key_mgmt=WPA-EAP
> eap=TTLS
>  phase2="auth=PAP"
> pap_file="/etc/wpasupplicant/pap-secrets"
> }

I don't understand this solution. What do you get with this?

> And another possibility is that wpa_supplicant asks the user and 
> password to user in runtime:
> 
> ctrl_interface=/var/run/wpa_supplicant
> eapol_version=1
> ap_scan=1
> fast_reauth=1
> network={
> ssid="xxx"
> key_mgmt=WPA-EAP
> eap=TTLS
>  phase2="auth=PAP"
>  ondemand_userpass=1
> }

This would need work upstream. 

> What you think?

I think you can do this already today, without much work from us. Use a
system wide wpa_supplicant configuration, which contains at least the
following in the global section:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=admin

(or any other admin group you created locally).

Now provide a script to each user (only readable by the user) which
issues commands to the supplicant via wpa_cli, to authenticate against
your network.

Have a look at our /etc/wpa_supplicant/ifupdown.d/wpasupplicant script
as an inspiration how versatile wpa_cli(8) is. You can say the
supplicant every configuration detail you would normally do with a
configuration file, besides specifying a control interface and
permissions, I think.

Does this help you?

Gruesse,
	Reinhard

More information about the Pkg-wpa-devel mailing list