head	1.2;
access;
symbols
	perseant-exfatfs-base-20250801:1.2
	perseant-exfatfs-base-20240630:1.2
	perseant-exfatfs:1.2.0.22
	perseant-exfatfs-base:1.2
	cjep_sun2x:1.2.0.20
	cjep_sun2x-base:1.2
	cjep_staticlib_x-base1:1.2
	cjep_staticlib_x:1.2.0.18
	cjep_staticlib_x-base:1.2
	phil-wifi-20200421:1.2
	phil-wifi-20200411:1.2
	phil-wifi-20200406:1.2
	pgoyette-compat-merge-20190127:1.2
	pgoyette-compat-20190127:1.2
	pgoyette-compat-20190118:1.2
	pgoyette-compat-1226:1.2
	pgoyette-compat-1126:1.2
	pgoyette-compat-1020:1.2
	pgoyette-compat-0930:1.2
	pgoyette-compat-0906:1.2
	pgoyette-compat-0728:1.2
	pgoyette-compat-0625:1.2
	pgoyette-compat-0521:1.2
	pgoyette-compat-0502:1.2
	pgoyette-compat-0422:1.2
	pgoyette-compat-0415:1.2
	pgoyette-compat-0407:1.2
	pgoyette-compat-0330:1.2
	pgoyette-compat-0322:1.2
	pgoyette-compat-0315:1.2
	pgoyette-compat:1.2.0.16
	pgoyette-compat-base:1.2
	prg-localcount2-base3:1.2
	prg-localcount2-base2:1.2
	prg-localcount2-base1:1.2
	prg-localcount2:1.2.0.14
	prg-localcount2-base:1.2
	pgoyette-localcount-20170426:1.2
	bouyer-socketcan-base1:1.2
	pgoyette-localcount-20170320:1.2
	bouyer-socketcan:1.2.0.12
	bouyer-socketcan-base:1.2
	pgoyette-localcount-20170107:1.2
	pgoyette-localcount-20161104:1.2
	localcount-20160914:1.2
	pgoyette-localcount-20160806:1.2
	pgoyette-localcount-20160726:1.2
	pgoyette-localcount:1.2.0.10
	pgoyette-localcount-base:1.2
	netbsd-5-2-3-RELEASE:1.1.1.2
	netbsd-5-1-5-RELEASE:1.1.1.2
	yamt-pagecache-base9:1.2
	yamt-pagecache-tag8:1.2
	tls-earlyentropy:1.2.0.6
	tls-earlyentropy-base:1.2
	riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.2
	riastradh-drm2-base3:1.2
	netbsd-5-2-2-RELEASE:1.1.1.2
	netbsd-5-1-4-RELEASE:1.1.1.2
	netbsd-5-2-1-RELEASE:1.1.1.2
	netbsd-5-1-3-RELEASE:1.1.1.2
	agc-symver:1.2.0.8
	agc-symver-base:1.2
	tls-maxphys-base:1.2
	yamt-pagecache-base8:1.2
	netbsd-5-2:1.1.1.2.0.2
	yamt-pagecache-base7:1.2
	netbsd-5-2-RELEASE:1.1.1.2
	netbsd-5-2-RC1:1.1.1.2
	yamt-pagecache-base6:1.2
	yamt-pagecache-base5:1.2
	yamt-pagecache-base4:1.2
	netbsd-5-1-2-RELEASE:1.1.1.2
	netbsd-5-1-1-RELEASE:1.1.1.2
	yamt-pagecache-base3:1.2
	yamt-pagecache-base2:1.2
	yamt-pagecache:1.2.0.4
	yamt-pagecache-base:1.2
	bouyer-quota2-nbase:1.2
	bouyer-quota2:1.2.0.2
	bouyer-quota2-base:1.2
	matt-nb5-mips64-premerge-20101231:1.1.1.2
	matt-nb5-pq3:1.1.1.2.0.14
	matt-nb5-pq3-base:1.1.1.2
	netbsd-5-1:1.1.1.2.0.12
	netbsd-5-1-RELEASE:1.1.1.2
	netbsd-5-1-RC4:1.1.1.2
	matt-nb5-mips64-k15:1.1.1.2
	netbsd-5-1-RC3:1.1.1.2
	netbsd-5-1-RC2:1.1.1.2
	netbsd-5-1-RC1:1.1.1.2
	netbsd-5-0-2-RELEASE:1.1.1.2
	matt-nb5-mips64-premerge-20091211:1.1.1.2
	matt-premerge-20091211:1.1.1.2
	matt-nb5-mips64-u2-k2-k4-k7-k8-k9:1.1.1.2
	matt-nb4-mips64-k7-u2a-k9b:1.1.1.2
	matt-nb5-mips64-u1-k1-k5:1.1.1.2
	matt-nb5-mips64:1.1.1.2.0.10
	netbsd-5-0-1-RELEASE:1.1.1.2
	jym-xensuspend-nbase:1.1.1.2
	netbsd-5-0:1.1.1.2.0.8
	netbsd-5-0-RELEASE:1.1.1.2
	netbsd-5-0-RC4:1.1.1.2
	netbsd-5-0-RC3:1.1.1.2
	netbsd-5-0-RC2:1.1.1.2
	jym-xensuspend:1.1.1.2.0.6
	jym-xensuspend-base:1.1.1.2
	netbsd-5-0-RC1:1.1.1.2
	netbsd-5:1.1.1.2.0.4
	netbsd-5-base:1.1.1.2
	matt-mips64-base2:1.1.1.2
	wrstuden-revivesa-base-3:1.1.1.2
	wrstuden-revivesa-base-2:1.1.1.2
	v0_6_4:1.1.1.2
	wrstuden-revivesa-base-1:1.1.1.1
	yamt-pf42-base4:1.1.1.1
	yamt-pf42-base3:1.1.1.1
	hpcarm-cleanup-nbase:1.1.1.1
	hpcarm-cleanup-base:1.1.1.1
	yamt-pf42-baseX:1.1.1.1
	yamt-pf42-base2:1.1.1.1
	wrstuden-revivesa:1.1.1.1.0.8
	wrstuden-revivesa-base:1.1.1.1
	yamt-pf42:1.1.1.1.0.6
	yamt-pf42-base:1.1.1.1
	matt-armv6:1.1.1.1.0.4
	matt-armv6-nbase:1.1.1.1
	keiichi-mipv6:1.1.1.1.0.2
	keiichi-mipv6-base:1.1.1.1
	v0_6_2:1.1.1.1
	MALINEN:1.1.1;
locks; strict;
comment	@# @;


1.2
date	2010.08.26.14.59.02;	author christos;	state dead;
branches;
next	1.1;

1.1
date	2008.01.26.21.42.23;	author christos;	state Exp;
branches
	1.1.1.1;
next	;

1.1.1.1
date	2008.01.26.21.42.23;	author christos;	state Exp;
branches
	1.1.1.1.4.1
	1.1.1.1.8.1;
next	1.1.1.2;

1.1.1.2
date	2008.08.30.07.27.02;	author christos;	state Exp;
branches;
next	;

1.1.1.1.4.1
date	2008.01.26.21.42.23;	author matt;	state dead;
branches;
next	1.1.1.1.4.2;

1.1.1.1.4.2
date	2008.03.23.00.17.12;	author matt;	state Exp;
branches;
next	;

1.1.1.1.8.1
date	2008.09.18.04.44.46;	author wrstuden;	state Exp;
branches;
next	;


desc
@@


1.2
log
@bye old wpa
@
text
@# hostapd user database for integrated EAP server

# Each line must contain an identity, EAP method(s), and an optional password
# separated with whitespace (space or tab). The identity and password must be
# double quoted ("user"). Password can alternatively be stored as
# NtPasswordHash (16-byte MD4 hash of the unicode presentation of the password
# in unicode) if it is used for MSCHAP or MSCHAPv2 authentication. This means
# that the plaintext password does not need to be included in the user file.
# Password hash is stored as hash:<16-octets of hex data> without quotation
# marks.

# [2] flag in the end of the line can be used to mark users for tunneled phase
# 2 authentication (e.g., within EAP-PEAP). In these cases, an anonymous
# identity can be used in the unencrypted phase 1 and the real user identity
# is transmitted only within the encrypted tunnel in phase 2. If non-anonymous
# access is needed, two user entries is needed, one for phase 1 and another
# with the same username for phase 2.
#
# EAP-TLS, EAP-PEAP, EAP-TTLS, EAP-FAST, EAP-SIM, and EAP-AKA do not use
# password option.
# EAP-MD5, EAP-MSCHAPV2, EAP-GTC, EAP-PAX, EAP-PSK, and EAP-SAKE require a
# password.
# EAP-PEAP, EAP-TTLS, and EAP-FAST require Phase 2 configuration.
#
# * can be used as a wildcard to match any user identity. The main purposes for
# this are to set anonymous phase 1 identity for EAP-PEAP and EAP-TTLS and to
# avoid having to configure every certificate for EAP-TLS authentication. The
# first matching entry is selected, so * should be used as the last phase 1
# user entry.
#
# "prefix"* can be used to match the given prefix and anything after this. The
# main purpose for this is to be able to avoid EAP method negotiation when the
# method is using known prefix in identities (e.g., EAP-SIM and EAP-AKA). This
# is only allowed for phase 1 identities.
#
# Multiple methods can be configured to make the authenticator try them one by
# one until the peer accepts one. The method names are separated with a
# comma (,).
#
# [ver=0] and [ver=1] flags after EAP type PEAP can be used to force PEAP
# version based on the Phase 1 identity. Without this flag, the EAP
# authenticator advertises the highest supported version and select the version
# based on the first PEAP packet from the supplicant.
#
# EAP-TTLS supports both EAP and non-EAP authentication inside the tunnel.
# Tunneled EAP methods are configured with standard EAP method name and [2]
# flag. Non-EAP methods can be enabled by following method names: TTLS-PAP,
# TTLS-CHAP, TTLS-MSCHAP, TTLS-MSCHAPV2. TTLS-PAP and TTLS-CHAP require a
# plaintext password while TTLS-MSCHAP and TTLS-MSCHAPV2 can use NT password
# hash.

# Phase 1 users
"user"		MD5	"password"
"test user"	MD5	"secret"
"example user"	TLS
"DOMAIN\user"	MSCHAPV2	"password"
"gtc user"	GTC	"password"
"pax user"	PAX	"unknown"
"pax.user@@example.com"	PAX	0123456789abcdef0123456789abcdef
"psk user"	PSK	"unknown"
"psk.user@@example.com"	PSK	0123456789abcdef0123456789abcdef
"sake.user@@example.com"	SAKE	0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
"ttls"		TTLS
"not anonymous"	PEAP
# Default to EAP-SIM and EAP-AKA based on fixed identity prefixes
"0"*		AKA,TTLS,TLS,PEAP,SIM
"1"*		SIM,TTLS,TLS,PEAP,AKA
"2"*		AKA,TTLS,TLS,PEAP,SIM
"3"*		SIM,TTLS,TLS,PEAP,AKA
"4"*		AKA,TTLS,TLS,PEAP,SIM
"5"*		SIM,TTLS,TLS,PEAP,AKA

# Wi-Fi Protected Setup
"WFA-SimpleConfig-Registrar-1-0"	WSC
"WFA-SimpleConfig-Enrollee-1-0"		WSC

# Wildcard for all other identities
*		PEAP,TTLS,TLS,SIM,AKA

# Phase 2 (tunnelled within EAP-PEAP or EAP-TTLS) users
"t-md5"		MD5	"password"	[2]
"DOMAIN\t-mschapv2"	MSCHAPV2	"password"	[2]
"t-gtc"		GTC	"password"	[2]
"not anonymous"	MSCHAPV2	"password"	[2]
"user"		MD5,GTC,MSCHAPV2	"password"	[2]
"test user"	MSCHAPV2	hash:000102030405060708090a0b0c0d0e0f	[2]
"ttls-user"	TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,TTLS-MSCHAPV2	"password"	[2]
@


1.1
log
@Initial revision
@
text
@@


1.1.1.1
log
@Import hostapd
@
text
@@


1.1.1.1.8.1
log
@Sync with wrstuden-revivesa-base-2.
@
text
@d73 4
a87 8

# Default to EAP-SIM and EAP-AKA based on fixed identity prefixes in phase 2
"0"*		AKA	[2]
"1"*		SIM	[2]
"2"*		AKA	[2]
"3"*		SIM	[2]
"4"*		AKA	[2]
"5"*		SIM	[2]
@


1.1.1.2
log
@Import wpa_supplicant and hostapd
@
text
@d73 4
a87 8

# Default to EAP-SIM and EAP-AKA based on fixed identity prefixes in phase 2
"0"*		AKA	[2]
"1"*		SIM	[2]
"2"*		AKA	[2]
"3"*		SIM	[2]
"4"*		AKA	[2]
"5"*		SIM	[2]
@


1.1.1.1.4.1
log
@file hostapd.eap_user was added on branch matt-armv6 on 2008-03-23 00:17:12 +0000
@
text
@d1 87
@


1.1.1.1.4.2
log
@sync with HEAD
@
text
@a0 87
# hostapd user database for integrated EAP server

# Each line must contain an identity, EAP method(s), and an optional password
# separated with whitespace (space or tab). The identity and password must be
# double quoted ("user"). Password can alternatively be stored as
# NtPasswordHash (16-byte MD4 hash of the unicode presentation of the password
# in unicode) if it is used for MSCHAP or MSCHAPv2 authentication. This means
# that the plaintext password does not need to be included in the user file.
# Password hash is stored as hash:<16-octets of hex data> without quotation
# marks.

# [2] flag in the end of the line can be used to mark users for tunneled phase
# 2 authentication (e.g., within EAP-PEAP). In these cases, an anonymous
# identity can be used in the unencrypted phase 1 and the real user identity
# is transmitted only within the encrypted tunnel in phase 2. If non-anonymous
# access is needed, two user entries is needed, one for phase 1 and another
# with the same username for phase 2.
#
# EAP-TLS, EAP-PEAP, EAP-TTLS, EAP-FAST, EAP-SIM, and EAP-AKA do not use
# password option.
# EAP-MD5, EAP-MSCHAPV2, EAP-GTC, EAP-PAX, EAP-PSK, and EAP-SAKE require a
# password.
# EAP-PEAP, EAP-TTLS, and EAP-FAST require Phase 2 configuration.
#
# * can be used as a wildcard to match any user identity. The main purposes for
# this are to set anonymous phase 1 identity for EAP-PEAP and EAP-TTLS and to
# avoid having to configure every certificate for EAP-TLS authentication. The
# first matching entry is selected, so * should be used as the last phase 1
# user entry.
#
# "prefix"* can be used to match the given prefix and anything after this. The
# main purpose for this is to be able to avoid EAP method negotiation when the
# method is using known prefix in identities (e.g., EAP-SIM and EAP-AKA). This
# is only allowed for phase 1 identities.
#
# Multiple methods can be configured to make the authenticator try them one by
# one until the peer accepts one. The method names are separated with a
# comma (,).
#
# [ver=0] and [ver=1] flags after EAP type PEAP can be used to force PEAP
# version based on the Phase 1 identity. Without this flag, the EAP
# authenticator advertises the highest supported version and select the version
# based on the first PEAP packet from the supplicant.
#
# EAP-TTLS supports both EAP and non-EAP authentication inside the tunnel.
# Tunneled EAP methods are configured with standard EAP method name and [2]
# flag. Non-EAP methods can be enabled by following method names: TTLS-PAP,
# TTLS-CHAP, TTLS-MSCHAP, TTLS-MSCHAPV2. TTLS-PAP and TTLS-CHAP require a
# plaintext password while TTLS-MSCHAP and TTLS-MSCHAPV2 can use NT password
# hash.

# Phase 1 users
"user"		MD5	"password"
"test user"	MD5	"secret"
"example user"	TLS
"DOMAIN\user"	MSCHAPV2	"password"
"gtc user"	GTC	"password"
"pax user"	PAX	"unknown"
"pax.user@@example.com"	PAX	0123456789abcdef0123456789abcdef
"psk user"	PSK	"unknown"
"psk.user@@example.com"	PSK	0123456789abcdef0123456789abcdef
"sake.user@@example.com"	SAKE	0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
"ttls"		TTLS
"not anonymous"	PEAP
# Default to EAP-SIM and EAP-AKA based on fixed identity prefixes
"0"*		AKA,TTLS,TLS,PEAP,SIM
"1"*		SIM,TTLS,TLS,PEAP,AKA
"2"*		AKA,TTLS,TLS,PEAP,SIM
"3"*		SIM,TTLS,TLS,PEAP,AKA
"4"*		AKA,TTLS,TLS,PEAP,SIM
"5"*		SIM,TTLS,TLS,PEAP,AKA

# Wi-Fi Protected Setup
"WFA-SimpleConfig-Registrar-1-0"	WSC
"WFA-SimpleConfig-Enrollee-1-0"		WSC

# Wildcard for all other identities
*		PEAP,TTLS,TLS,SIM,AKA

# Phase 2 (tunnelled within EAP-PEAP or EAP-TTLS) users
"t-md5"		MD5	"password"	[2]
"DOMAIN\t-mschapv2"	MSCHAPV2	"password"	[2]
"t-gtc"		GTC	"password"	[2]
"not anonymous"	MSCHAPV2	"password"	[2]
"user"		MD5,GTC,MSCHAPV2	"password"	[2]
"test user"	MSCHAPV2	hash:000102030405060708090a0b0c0d0e0f	[2]
"ttls-user"	TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,TTLS-MSCHAPV2	"password"	[2]
@