Wpa supplicant: Difference between revisions
→External links: moving (external) link about eduroam (about wpa_supplicant and NetworkManager) from this article to this article eduroam Tags: Mobile edit Mobile web edit |
→eduroam: Add information regarding certificate location for NixOS Unstable and 26.05+ users |
||
| Line 113: | Line 113: | ||
== [[eduroam]] == | == [[eduroam]] == | ||
Nowadays, using EAP-PWD is preferred over MSCHAPv2 when connecting to [[eduroam]] or other institutional networks. It provides stronger [https://www.rfc-editor.org/rfc/rfc5931#page-35 security claims] and is simpler to set up. It also never transmits your password, doesn't require certificates and needs less authentication roundtrips. The identity and password should be given to you by your institution.<syntaxHighlight lang=nixos> | |||
Nowadays, using EAP-PWD is preferred over MSCHAPv2 when connecting to [[eduroam]] or other institutional networks. It provides stronger [https://www.rfc-editor.org/rfc/rfc5931#page-35 security claims] and is simpler to set up. It also never transmits your password, doesn't require certificates and needs less authentication roundtrips. The identity and password should be given to you by your institution. | |||
<syntaxHighlight lang=nixos> | |||
networking.wireless.networks.eduroam = { | networking.wireless.networks.eduroam = { | ||
auth = '' | auth = '' | ||
| Line 126: | Line 123: | ||
}; | }; | ||
</syntaxHighlight> | </syntaxHighlight> | ||
=== Restrictions on Certificate Location === | |||
For certificate-based setups, due to security hardening for wpa_supplicant in NixOS 26.05 and later, users of wpa_supplicant face restrictions on where eduroam certificates can be stored<ref>https://discourse.nixos.org/t/breaking-changes-announcement-for-unstable/17574/116</ref>. Certificates should be placed in either <code>/etc/ssl/certs</code> or <code>/etc/wpa_supplicant</code> and should be owned by (or accessible to) the wpa_supplicant user. | |||
== WEP support == | == WEP support == | ||