[ipxe-devel] EAP Authentication Methods?

Michael Brown mbrown at fensystems.co.uk
Wed Mar 30 01:54:19 UTC 2011


On Tuesday 29 Mar 2011 23:35:26 Joshua Oreman wrote:
> On Tue, Mar 29, 2011 at 6:03 PM, Gregory Fuller <gregory.fuller at oswego.edu>
> wrote:
> > I see that there is basic EAP Over LAN (EAPOL) support in iPXE.
> > Anyone working on adding EAP authentication methods such as EAP-MD5,
> > EAP-TLS, EAP-PEAP, etc?  It would be great if this support was
> > available.  We currently use gPXE to bootstrap our LANDesk PXE boot
> > menu which is provided by DHCP options and provide additional boot
> > options to client.  But we are moving from open data ports to secure
> > 802.1x enabled ports where we can't enable any sort of open access
> > which would allow this to still function.  Typically you could use MAC
> > based authentication at the switchport to get PXE functionality
> > working on a dot1x port (ie: allow the client on the network), but we
> > are unable to do that the way we are configured.  It would be nice if
> > iPXE had even basic EAP-MD5 support which would allow PXE clients to
> > authenticate to the switchport and load our imaging software over the
> > network.  I'm willing to test if someone is working on building this
> > support in!
> 
> I'm the one who originally developed the 802.11 support for iPXE, and
> I threw in the EAP stub in the hopes that someone would have the time
> I didn't to actually get "WPA Enterprise" working. The same mechanism
> would support EAP on a wired LAN.
> 
> Unfortunately, I've been very busy at school and I don't have much
> time for iPXE these days, but I'd be happy to offer guidance if anyone
> else is interested in implementing this. I may also have more time
> over the summer.

I don't have any immediate plans to implement this myself.  If anyone wants to 
have a go at developing it, I'm happy to purchase and arrange delivery of a 
suitable switch for testing against.

Michael



More information about the ipxe-devel mailing list