[Bug 1109209] New: wpa_supplicant lacks support for PWD
http://bugzilla.opensuse.org/show_bug.cgi?id=1109209

            Bug ID: 1109209
           Summary: wpa_supplicant lacks support for PWD
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 15.0
          Hardware: x86-64
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Network
          Assignee: bnc-team-screening@forge.provo.novell.com
          Reporter: gleixner@lrz.de
        QA Contact: qa-bugs@suse.de
          Found By: ---
           Blocker: ---

While trying to set up a connection with Eduroam (https://en.wikipedia.org/wiki/Eduroam), I tried to use the nowadays preferred EAP method PWD. The NetworkManager let me choose PWD, but in /var/log/wpa_supplicant.log I can read that wpa_supplicant has to be recompiled with PWD support.

Can you add PWD support and make students and researchers in Europe happy?

--
You are receiving this mail because:
You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1109209#c1

Andreas Stieger <astieger@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |astieger@suse.com,
                   |                            |gleixner@lrz.de,
                   |                            |kbabioch@suse.com,
                   |                            |ro@suse.com
              Flags|                            |needinfo?,
                   |                            |needinfo?(gleixner@lrz.de)

--- Comment #1 from Andreas Stieger <astieger@suse.com> ---
We have different accounts of this working.

Hmm your own docs: https://www.lrz.de/services/netz/mobil/802_1x/802_1x-linux-ubuntu/

Flo, does it not work at all or would this add another (better) option?

Asking local openSUSE contributors who are in Eduroam range...

http://bugzilla.opensuse.org/show_bug.cgi?id=1109209#c2

Sarah Kriesch <ada.lovelace@gmx.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ada.lovelace@gmx.de

--- Comment #2 from Sarah Kriesch <ada.lovelace@gmx.de> ---
I am at a conference at the Nuremberg Institute of Technology at the moment. We are using WPA2-EAP for eduroam at our university and for our student accounts. It works fine on openSUSE Leap 15.0 at the moment.

http://bugzilla.opensuse.org/show_bug.cgi?id=1109209#c3

--- Comment #3 from Sarah Kriesch <ada.lovelace@gmx.de> ---
my version:
rpm -qa wpa_supplicant
wpa_supplicant-2.6-lp150.3.3.1.x86_64

http://bugzilla.opensuse.org/show_bug.cgi?id=1109209#c4

--- Comment #4 from Sarah Kriesch <ada.lovelace@gmx.de> ---
The difference between Nuremberg and LRZ is that we have to use a Telekom certificate (CA-Zertifikat) in addition to our account.

http://bugzilla.opensuse.org/show_bug.cgi?id=1109209#c5

flo gleixner <gleixner@lrz.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|needinfo?,                  |
                   |needinfo?(gleixner@lrz.de)  |

--- Comment #5 from flo gleixner <gleixner@lrz.de> ---
You can choose the Authentication Method "PWD" in NetworkManager. PWD is much easier than PEAP and it is secure enough. It is the preferred method for Android devices today.

While connecting to eduroam using PEAP works, when I try PWD, it silently fails. The logfile /var/log/wpa_supplicant.log says:

    Line 0: unknown EAP method 'PWD'
    You may need to add support for this EAP method during wpa_supplicant build time configuration.

The package maintainer should set CONFIG_EAP_PWD=y and rebuild wpa_supplicant (preferred!) or the option should not be in the NetworkManager (not preferred!).

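Added example (not part of the bug thread and not wpa_supplicant's own tooling): a shell check for the failure described in comment #5, listing the EAP methods a wpa_supplicant log reports as unknown and testing whether a build `.config` enables them. The function names, the log and the config contents are constructed for illustration, and the `CONFIG_EAP_<METHOD>` naming is an assumption for any method other than PWD.

```shell
#!/bin/sh
# Added example: correlate "unknown EAP method" log errors with build options.

# Print each EAP method named in an "unknown EAP method" log line, once.
rejected_eap_methods() {
    sed -n "s/.*unknown EAP method '\([^']*\)'.*/\1/p" "$1" | sort -u
}

# Succeed if the build config has an active (uncommented) CONFIG_EAP_<METHOD>=y.
# Assumption: the option name follows the CONFIG_EAP_PWD pattern from the thread.
build_enables_eap() {
    opt="CONFIG_EAP_$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')"
    grep -Eq "^[[:space:]]*${opt}=y[[:space:]]*(#.*)?$" "$1"
}

# One line per rejected method: "<METHOD> enabled" or "<METHOD> missing".
eap_build_report() {
    rejected_eap_methods "$1" | while IFS= read -r m; do
        if build_enables_eap "$2" "$m"; then
            echo "$m enabled"
        else
            echo "$m missing"
        fi
    done
}

# Constructed sample data, modeled on the message quoted in comment #5.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/wpa_supplicant.log" <<'EOF'
Successfully initialized wpa_supplicant
Line 0: unknown EAP method 'PWD'
You may need to add support for this EAP method during wpa_supplicant
build time configuration.
Line 0: unknown EAP method 'PWD'
EOF
cat > "$demo_dir/build.config" <<'EOF'
CONFIG_EAP_PEAP=y
CONFIG_EAP_TTLS=y
#CONFIG_EAP_PWD=y
EOF

eap_build_report "$demo_dir/wpa_supplicant.log" "$demo_dir/build.config"
```

On a real system the first argument would be /var/log/wpa_supplicant.log and the second the `.config` used to build the package.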
http://bugzilla.opensuse.org/show_bug.cgi?id=1109209#c6

--- Comment #6 from Sarah Kriesch <ada.lovelace@gmx.de> ---
I know something like that from other universities. Our eduroam works only with a special certificate and the following configuration: https://www.th-nuernberg.de/fileadmin/global/Gelenkte_Doks/ZE/RZ/RZ_5404_HR_...

I have been surprised about our wireless security, but no other configuration works.

Do we have Fernuni students in the community / at SUSE? They can use a configuration without Telekom certificate.

http://bugzilla.opensuse.org/show_bug.cgi?id=1109209#c7

--- Comment #7 from Karol Babioch <kbabioch@suse.com> ---
Thanks for bringing this up. I've created a couple of submit requests for our openSUSE products enabling this feature within wpa_supplicant:

Factory: https://build.opensuse.org/request/show/637009
Leap 15.0: https://build.opensuse.org/request/show/637012
Leap 42.3: https://build.opensuse.org/request/show/637014

Our version of wpa_supplicant in Leap 42.3 is based on upstream version 2.2, which was vulnerable to a couple of CVEs in the EAP-PWD component (CVE-2015-5314, CVE-2015-5315, CVE-2015-5316), but they have been fixed with the patches

However, these patches are missing the CVE references and I don't want to simply add them to the changes file, since this will confuse our tooling.

http://bugzilla.opensuse.org/show_bug.cgi?id=1109209

Karol Babioch <kbabioch@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|wpa_supplicant lacks        |wpa_supplicant: Lacking
                   |support for PWD             |support for PWD as EAP
                   |                            |method

http://bugzilla.opensuse.org/show_bug.cgi?id=1109209

Karol Babioch <kbabioch@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|bnc-team-screening@forge.pr |ro@suse.com
                   |ovo.novell.com              |

http://bugzilla.opensuse.org/show_bug.cgi?id=1109209#c9

Jan Engelhardt <jengelh@inai.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jengelh@inai.de

--- Comment #9 from Jan Engelhardt <jengelh@inai.de> ---
Chiming in for the record. It also works with: WPA2 Enterprise, Tunneled TLS, anonymous@gwdg.de, and then MSCHAPv2 with a plaintext as inner authentication. On Android, something with PEAP.

http://bugzilla.opensuse.org/show_bug.cgi?id=1109209#c15

Karol Babioch <kbabioch@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #15 from Karol Babioch <kbabioch@suse.com> ---
Closing this bug, since it has been fixed in the meantime for all codestreams. SLE-12 / openSUSE 42.3 might not yet be released, but should become available soon-ish and there is nothing else to do in this bug.