223 lines
5.9 KiB
Groff
223 lines
5.9 KiB
Groff
.\" Copyright (c) 2005 Sam Leffler <sam@errno.com>
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" $FreeBSD$
|
|
.\"
|
|
.Dd June 16, 2005
|
|
.Dt WPA_CLI 8
|
|
.Os
|
|
.Sh NAME
|
|
.Nm wpa_cli
|
|
.Nd "text-based frontend program for interacting with wpa_supplicant"
|
|
.Sh SYNOPSIS
|
|
.Nm
|
|
.Op Ar commands
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm
|
|
utility
|
|
is a text-based frontend program for interacting with
|
|
.Xr wpa_supplicant 8 .
|
|
It is used to query current status,
|
|
change configuration,
|
|
trigger events,
|
|
and
|
|
request interactive user input.
|
|
.Pp
|
|
The
|
|
.Nm
|
|
utility
|
|
can show the
|
|
current authentication status,
|
|
selected security
|
|
mode, dot11 and dot1x MIBs, etc.
|
|
In addition,
|
|
.Nm
|
|
can configure EAPOL state machine
|
|
parameters and trigger events such as reassociation
|
|
and IEEE 802.1X logoff/logon.
|
|
.Pp
|
|
The
|
|
.Nm
|
|
utility
|
|
provides an interface to supply authentication information
|
|
such as username and password when it is not provided in the
|
|
.Xr wpa_supplicant.conf 5
|
|
configuration file.
|
|
This can be used, for example, to implement
|
|
one-time passwords or generic token card
|
|
authentication where the authentication is based on a
|
|
challenge-response that uses an external device for generating the
|
|
response.
|
|
.Pp
|
|
The
|
|
.Nm
|
|
utility
|
|
supports two modes: interactive and command line.
|
|
Both modes share the same command set and the main difference
|
|
is in interactive mode providing access to unsolicited messages
|
|
(event messages, username/password requests).
|
|
.Pp
|
|
Interactive mode is started when
|
|
.Nm
|
|
is executed without any parameters on the command line.
|
|
Commands are then entered from the controlling terminal in
|
|
response to the
|
|
.Nm
|
|
prompt.
|
|
In command line mode, the same commands are
|
|
entered as command line arguments.
|
|
.Pp
|
|
The control interface of
|
|
.Xr wpa_supplicant 8
|
|
can be configured to allow
|
|
non-root user access by using the
|
|
.Va ctrl_interface_group
|
|
parameter
|
|
in the
|
|
.Xr wpa_supplicant.conf 5
|
|
configuration file.
|
|
This makes it possible to run
|
|
.Nm
|
|
with a normal user account.
|
|
.Sh AUTHENTICATION PARAMETERS
|
|
When
|
|
.Xr wpa_supplicant 8
|
|
needs authentication parameters, such as username and password,
|
|
that are not present in the configuration file, it sends a
|
|
request message to all attached frontend programs, e.g.,
|
|
.Nm
|
|
in interactive mode.
|
|
The
|
|
.Nm
|
|
utility
|
|
shows these requests with a
|
|
.Dq Li CTRL-REQ- Ns Ao Ar type Ac Ns Li - Ns Ao Ar id Ac Ns : Ns Aq Ar text
|
|
prefix, where
|
|
.Aq Ar type
|
|
is
|
|
.Li IDENTITY , PASSWORD ,
|
|
or
|
|
.Li OTP
|
|
(One-Time Password),
|
|
.Aq Ar id
|
|
is a unique identifier for the current network,
|
|
.Aq Ar text
|
|
is a description of the request.
|
|
In the case of an
|
|
.Li OTP
|
|
(One-Time Password) request,
|
|
it includes the challenge from the authentication server.
|
|
.Pp
|
|
A user must supply
|
|
.Xr wpa_supplicant 8
|
|
the needed parameters in response to these requests.
|
|
.Pp
|
|
For example,
|
|
.Bd -literal -offset indent
|
|
CTRL-REQ-PASSWORD-1:Password needed for SSID foobar
|
|
> password 1 mysecretpassword
|
|
|
|
Example request for generic token card challenge-response:
|
|
|
|
CTRL-REQ-OTP-2:Challenge 1235663 needed for SSID foobar
|
|
> otp 2 9876
|
|
.Ed
|
|
.Sh COMMANDS
|
|
The following commands may be supplied on the command line
|
|
or at a prompt when operating interactively.
|
|
.Bl -tag -width indent
|
|
.It Ic status
|
|
Report the current WPA/EAPOL/EAP status for the current interface.
|
|
.It Ic mib
|
|
Report MIB variables (dot1x, dot11) for the current interface.
|
|
.It Ic help
|
|
Show usage help.
|
|
.It Ic interface Op Ar ifname
|
|
Show available interfaces and/or set the current interface
|
|
when multiple are available.
|
|
.It Ic level Ar debug_level
|
|
Change the debugging level in
|
|
.Xr wpa_supplicant 8 .
|
|
Larger numbers generate more messages.
|
|
.It Ic license
|
|
Display the full
|
|
license for
|
|
.Nm .
|
|
.It Ic logoff
|
|
Send the IEEE 802.1X EAPOL state machine into the
|
|
.Dq logoff
|
|
state.
|
|
.It Ic logon
|
|
Send the IEEE 802.1X EAPOL state machine into the
|
|
.Dq logon
|
|
state.
|
|
.It Ic set Op Ar settings
|
|
Set variables.
|
|
When no arguments are supplied, the known variables and their settings
|
|
are displayed.
|
|
.It Ic pmksa
|
|
Show the contents of the PMKSA cache.
|
|
.It Ic reassociate
|
|
Force a reassociation to the current access point.
|
|
.It Ic reconfigure
|
|
Force
|
|
.Xr wpa_supplicant 8
|
|
to re-read its configuration file.
|
|
.It Ic preauthenticate Ar BSSID
|
|
Force preauthentication of the specified
|
|
.Ar BSSID .
|
|
.It Ic identity Ar network_id identity
|
|
Configure an identity for an SSID.
|
|
.It Ic password Ar network_id password
|
|
Configure a password for an SSID.
|
|
.It Ic otp Ar network_id password
|
|
Configure a one-time password for an SSID.
|
|
.It Ic terminate
|
|
Force
|
|
.Xr wpa_supplicant 8
|
|
to terminate.
|
|
.It Ic quit
|
|
Exit
|
|
.Nm .
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr wpa_supplicant.conf 5 ,
|
|
.Xr wpa_supplicant 8
|
|
.Sh HISTORY
|
|
The
|
|
.Nm
|
|
utility first appeared in
|
|
.Fx 6.0 .
|
|
.Sh AUTHORS
|
|
The
|
|
.Nm
|
|
utility was written by
|
|
.An Jouni Malinen Aq j@w1.fi .
|
|
This manual page is derived from the
|
|
.Pa README
|
|
file included in the
|
|
.Nm wpa_supplicant
|
|
distribution.
|