Provided by: wpasupplicant_0.4.8-3ubuntu1_i386 bug


       wpa_supplicant   -  Wi-Fi  Protected  Access  client  and  IEEE  802.1X


       wpa_supplicant [ -BddehLqqvw ]  [  -iifname  ]  [  -cconfig  file  ]  [
       -Ddriver ]


       Wireless  networks  do  not  require  physical  access  to  the network
       equipment in the same way as wired networks. This makes it  easier  for
       unauthorized  users  to  passively  monitor  a  network and capture all
       transmitted frames.  In addition, unauthorized use of  the  network  is
       much  easier.  In  many  cases,  this  can  happen  even without user’s
       explicit knowledge  since  the  wireless  LAN  adapter  may  have  been
       configured to automatically join any available network.

       Link-layer  encryption  can  be used to provide a layer of security for
       wireless networks. The original wireless  LAN  standard,  IEEE  802.11,
       included a simple encryption mechanism, WEP. However, that proved to be
       flawed in many areas and network protected with WEP cannot be  consider
       secure.  IEEE  802.1X authentication and frequently changed dynamic WEP
       keys can be used to improve the network security,  but  even  that  has
       inherited  security  issues due to the use of WEP for encryption. Wi-Fi
       Protected Access  and  IEEE  802.11i  amendment  to  the  wireless  LAN
       standard  introduce  a much improvement mechanism for securing wireless
       networks. IEEE 802.11i enabled networks that are using CCMP (encryption
       mechanism  based  on strong cryptographic algorithm AES) can finally be
       called secure used for applications which require efficient  protection
       against unauthorized access.

       wpa_supplicant  is  an  implementation of the WPA Supplicant component,
       i.e., the part that runs in the client stations. It implements WPA  key
       negotiation  with  a  WPA  Authenticator  and  EAP  authentication with
       Authentication Server. In addition, it controls the  roaming  and  IEEE
       802.11 authentication/association of the wireless LAN driver.

       wpa_supplicant  is  designed  to be a "daemon" program that runs in the
       background and acts as the backend component controlling  the  wireless
       connection.  wpa_supplicant  supports separate frontend programs and an
       example text-based frontend, wpa_cli, is included with  wpa_supplicant.

       Before  wpa_supplicant  can  do its work, the network interface must be
       available.  That means that the physical device  must  be  present  and
       enabled,  and  the  driver  for  the device must have be loaded.  Note,
       however, that the ’-w’ option of the  wpa_supplicant  daemon  instructs
       the  daemon to continue running and to wait for the interface to become
       available.  Without the ’-w’ option, the daemon will  exit  immediately
       if the device is not already available.

       After  wpa_supplicant  has  configured the network device, higher level
       configuration such as DHCP may proceed.  There are a variety of ways to
       integrate  wpa_supplicant into a machine’s networking scripts, a few of
       which are described in sections below.

       The following steps are used when associating with an AP using WPA:

       · wpa_supplicant requests the kernel driver to scan neighboring BSSes

       · wpa_supplicant selects a BSS based on its configuration

       · wpa_supplicant requests the  kernel  driver  to  associate  with  the
         chosen BSS

       · If WPA-EAP: integrated IEEE 802.1X Supplicant or external Xsupplicant
         completes EAP authentication with the authentication server  (proxied
         by the Authenticator in the AP)

       · If WPA-EAP: master key is received from the IEEE 802.1X Supplicant

       · If WPA-PSK: wpa_supplicant uses PSK as the master session key

       · wpa_supplicant  completes WPA 4-Way Handshake and Group Key Handshake
         with the Authenticator (AP)

       · wpa_supplicant configures encryption keys for unicast and broadcast

       · normal data packets can be transmitted and received


       Supported WPA/IEEE 802.11i features:

       · WPA-PSK ("WPA-Personal")

       · WPA  with  EAP  (e.g.,  with  RADIUS  authentication  server)  ("WPA-
         Enterprise")  Following  authentication methods are supported with an
         integrate IEEE 802.1X Supplicant:

         · EAP-TLS

         · EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1)

         · EAP-PEAP/TLS (both PEAPv0 and PEAPv1)

         · EAP-PEAP/GTC (both PEAPv0 and PEAPv1)

         · EAP-PEAP/OTP (both PEAPv0 and PEAPv1)

         · EAP-PEAP/MD5-Challenge (both PEAPv0 and PEAPv1)

         · EAP-TTLS/EAP-MD5-Challenge

         · EAP-TTLS/EAP-GTC

         · EAP-TTLS/EAP-OTP

         · EAP-TTLS/EAP-MSCHAPv2

         · EAP-TTLS/EAP-TLS

         · EAP-TTLS/MSCHAPv2

         · EAP-TTLS/MSCHAP

         · EAP-TTLS/PAP

         · EAP-TTLS/CHAP

         · EAP-SIM

         · EAP-AKA

         · EAP-PSK

         · EAP-PAX

         · LEAP (note: requires special  support  from  the  driver  for  IEEE
           802.11 authentication)

         · (following  methods  are  supported, but since they do not generate
           keying material, they cannot be used with WPA or  IEEE  802.1X  WEP

         · EAP-MD5-Challenge

         · EAP-MSCHAPv2

         · EAP-GTC

         · EAP-OTP

       · key management for CCMP, TKIP, WEP104, WEP40

       · RSN/WPA2 (IEEE 802.11i)

         · pre-authentication

         · PMKSA caching


       The available drivers to specify with the -D option are:

       hostap (default)  Host  AP  driver  (Intersil Prism2/2.5/3).  (this can
              also be used with Linuxant DriverLoader).

       hermes Agere Systems Inc. driver (Hermes-I/Hermes-II).

              MADWIFI 802.11 support (Atheros, etc.).

       atmel  ATMEL AT76C5XXx (USB, PCMCIA).

       wext   Linux wireless extensions (generic).

              Linux ndiswrapper.

              Broadcom wl.o driver.

       ipw    Intel ipw2100/2200 driver.

       wired  wpa_supplicant wired Ethernet driver

       bsd    BSD 802.11 support (Atheros, etc.).

       ndis   Windows NDIS driver.


       -B     Run daemon in the background.

       -i ifname
              Interface to listen on.

       -c filename
              Path to configuration file.

       -D driver
              Driver to use.  See the available options below.

       -d     Increase debugging verbosity (-dd even more).

       -K     Include keys (passwords, etc.) in debug output.

       -t     Include timestamp in debug messages.

       -e     Use external IEEE 802.1X Supplicant  (e.g.,  xsupplicant)  (this
              disables the internal Supplicant).

       -h     Help.  Show a usage message.

       -L     Show license (GPL and BSD).

       -q     Decrease debugging verbosity (-qq even less).

       -v     Show version.

       -w     wait   for   interface   to  be  added,  if  needed.   normally,
              wpa_supplicant will exit if the interface is not there yet.

       -N     Start describing new interface.


       In most common cases, wpa_supplicant is started with:

              wpa_supplicant -Bw -c/etc/wpa_supplicant.conf -iwlan0

       This makes the process fork into background  and  wait  for  the  wlan0
       interface if it is not available at startup time.

       The  easiest  way  to  debug  problems,  and  to  get debug log for bug
       reports, is  to  start  wpa_supplicant  on  foreground  with  debugging

              wpa_supplicant -c/etc/wpa_supplicant.conf -iwlan0 -d

       wpa_supplicant  can  control  multiple  interfaces  (radios)  either by
       running one process for each interface separately or  by  running  just
       one  process  and  list  of  options at command line. Each interface is
       separated with -N argument. As  an  example,  following  command  would
       start wpa_supplicant for two interfaces:

              wpa_supplicant \
                   -c wpa1.conf -i wlan0 -D hostap -N \
                   -c wpa2.conf -i ath0 -D madwifi


       Current hardware/software requirements:

       · Linux  kernel  2.4.x  or  2.6.x with Linux Wireless Extensions v15 or

       · FreeBSD 6-CURRENT

       · Microsoft Windows with WinPcap (at least WinXP, may work  with  other


       Host AP driver for Prism2/2.5/3 (development snapshot/v0.2.x)
              (  Driver  needs  to be set in Managed
              mode (’iwconfig wlan0 mode managed’).  Please note that  station
              firmware version needs to be 1.7.0 or newer to work in WPA mode.

       Linuxant DriverLoader
              ( with Windows NDIS driver
              for your wlan card supporting WPA.

       Agere Systems Inc. Linux Driver
              (  Please  note  that  the
              driver interface file (driver_hermes.c)  and  hardware  specific
              include   files   are   not   included   in  the  wpa_supplicant
              distribution. You will  need  to  copy  these  from  the  source
              package of the Agere driver.

       madwifi driver for cards based on Atheros chip set (ar521x)
              (  Please note that you
              will need to modify the wpa_supplicant .config file to  use  the
              correct  path  for  the madwifi driver root directory (CFLAGS +=
              -I../madwifi/wpa line in example defconfig).

       ATMEL AT76C5XXx driver for USB and PCMCIA cards

       Linux ndiswrapper
              ( with Windows NDIS  driver.

       Broadcom wl.o driver
              This  is  a  generic  Linux  driver  for Broadcom IEEE 802.11a/g
              cards.  However, it is proprietary driver that is  not  publicly
              available except for couple of exceptions, mainly Broadcom-based
              APs/wireless routers that use Linux. The driver  binary  can  be
              downloaded,      e.g.,     from     Linksys     support     site
              ( for Linksys WRT54G. The
              GPL  tarball includes cross-compiler and the needed header file,
              wlioctl.h, for compiling wpa_supplicant.  This driver support in
              wpa_supplicant is expected to work also with other devices based
              on Broadcom driver (assuming the  driver  includes  client  mode

        Intel ipw2100 driver

       Intel ipw2200 driver

       Linux wireless extensions
              In  theory,  any  driver that supports Linux wireless extensions
              can be  used  with  IEEE  802.1X  (i.e.,  not  WPA)  when  using
              ap_scan=0 option in configuration file.

       Wired Ethernet drivers
              Use ap_scan=0.

       BSD net80211 layer (e.g., Atheros driver)
              At the moment, this is for FreeBSD 6-CURRENT branch.

       Windows NDIS
              The      current      Windows      port     requires     WinPcap
              (  See  README-Windows.txt  for  more

       wpa_supplicant  was  designed  to be portable for different drivers and
       operating systems. Hopefully, support for more wlan cards and OSes will
       be  added  in  the future. See developer.txt for more information about
       the design of wpa_supplicant and porting to  other  drivers.  One  main
       goal  is  to  add full WPA/WPA2 support to Linux wireless extensions to
       allow new drivers to be  supported  without  having  to  implement  new
       driver-specific interface code in wpa_supplicant.


       The wpa_supplicant system consists of the following components:

              the  configuration  file  describing  all networks that the user
              wants the computer to connect to.

              the program that directly interacts with the network  interface.

              the  client  program that provides a high-level interface to the
              functionality of the daemon.

              a utility needed to  construct  wpa_supplicant.conf  files  that
              include encrypted passwords.


       First,  make a configuration file, e.g.  /etc/wpa_supplicant.conf, that
       describes the networks you are interested  in.   See  wpa_supplicant(5)
       for details.

       Once the configuration is ready, you can test whether the configuration
       works by running wpa_supplicant with following command to start  it  on
       foreground with debugging enabled:

              wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -d

       Assuming everything goes fine, you can start using following command to
       start wpa_supplicant on background without debugging:

              wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -B

       Please note that if you included more than one driver interface in  the
       build  time  configuration  (.config),  you  may  need to specify which
       interface to use by including -D<driver name>  option  on  the  command


       For  example,  following small changes to pcmcia-cs scripts can be used
       to enable WPA support:

       Add   MODE="Managed"   and   WPA="y"   to   the   network   scheme   in

       Add  the  following  block  to  the  end  of  ’start’ action handler in

              if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
                  /usr/local/bin/wpa_supplicant -Bw -c/etc/wpa_supplicant.conf -i$DEVICE

       Add the following block to the end of ’stop’ action handler  (may  need
       to be separated from other actions) in /etc/pcmcia/wireless:

              if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
                  killall wpa_supplicant

       This  will  make  cardmgr start wpa_supplicant when the card is plugged
       in. wpa_supplicant will wait until the interface is set up--either when
       a  static  IP address is configured or when DHCP client is started--and
       will then negotiate keys with the AP.


       wpa_background(8) wpa_supplicant.conf(5) wpa_cli(8) wpa_passphrase(8)


       wpa_supplicant   is   copyright   (c)    2003-2005,    Jouni    Malinen
       <> and contributors.  All Rights Reserved.

       This  program  is  dual-licensed  under  both the GPL version 2 and BSD
       license. Either license may be used at your option.

                               08 February 2006              WPA_SUPPLICANT(8)