1
.\" This manpage has been automatically generated by docbook2man
2
.\" from a DocBook document. This tool can be found at:
3
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
4
.\" Please send any bug reports, improvements, comments, patches,
5
.\" etc. to Steve Cheng <steve@ggi-project.org>.
6
.TH "WPA_CLI" "8" "28 May 2007" "" ""
9
wpa_cli \- WPA command line client
12
\fBwpa_cli\fR [ \fB-p \fIpath to ctrl sockets\fB\fR ] [ \fB-i \fIifname\fB\fR ] [ \fB-hvB\fR ] [ \fB-a \fIaction file\fB\fR ] [ \fB-P \fIpid file\fB\fR ] [ \fB\fIcommand ...\fB\fR ]
16
wpa_cli is a text-based frontend program for interacting
17
with wpa_supplicant. It is used to query current status, change
18
configuration, trigger events, and request interactive user
21
wpa_cli can show the current authentication status, selected
22
security mode, dot11 and dot1x MIBs, etc. In addition, it can
23
configure some variables like EAPOL state machine parameters and
24
trigger events like reassociation and IEEE 802.1X
25
logoff/logon. wpa_cli provides a user interface to request
26
authentication information, like username and password, if these
27
are not included in the configuration. This can be used to
28
implement, e.g., one-time-passwords or generic token card
29
authentication where the authentication is based on a
30
challenge-response that uses an external device for generating the
33
The control interface of wpa_supplicant can be configured to
34
allow non-root user access (ctrl_interface_group in the
35
configuration file). This makes it possible to run wpa_cli with a
38
wpa_cli supports two modes: interactive and command
39
line. Both modes share the same command set and the main
40
difference is in interactive mode providing access to unsolicited
41
messages (event messages, username/password requests).
43
Interactive mode is started when wpa_cli is executed without
44
including the command as a command line parameter. Commands are
45
then entered on the wpa_cli prompt. In command line mode, the same
46
commands are entered as command line arguments for wpa_cli.
47
.SH "INTERACTIVE AUTHENTICATION PARAMETERS REQUEST"
49
When wpa_supplicant need authentication parameters, like
50
username and password, which are not present in the configuration
51
file, it sends a request message to all attached frontend programs,
52
e.g., wpa_cli in interactive mode. wpa_cli shows these requests
53
with "CTRL-REQ-<type>-<id>:<text>"
54
prefix. <type> is IDENTITY, PASSWORD, or OTP
55
(one-time-password). <id> is a unique identifier for the
56
current network. <text> is description of the request. In
57
case of OTP request, it includes the challenge from the
58
authentication server.
60
The reply to these requests can be given with 'identity',
61
'password', and 'otp' commands. <id> needs to be copied from the
62
the matching request. 'password' and 'otp' commands can be used
63
regardless of whether the request was for PASSWORD or OTP. The
64
main difference between these two commands is that values given
65
with 'password' are remembered as long as wpa_supplicant is
66
running whereas values given with 'otp' are used only once and
67
then forgotten, i.e., wpa_supplicant will ask frontend for a new
68
value for every use. This can be used to implement
69
one-time-password lists and generic token card -based
72
Example request for password and a matching reply:
77
CTRL-REQ-PASSWORD-1:Password needed for SSID foobar
78
> password 1 mysecretpassword
82
Example request for generic token card challenge-response:
87
CTRL-REQ-OTP-2:Challenge 1235663 needed for SSID foobar
91
.SH "COMMAND ARGUMENTS"
94
Change the path where control sockets should
98
Specify the interface that is being
99
configured. By default, choose the first interface found with
100
a control socket in the socket path.
103
Help. Show a usage message.
106
Show version information.
109
Run as a daemon in the background.
112
Run in daemon mode executing the action file
113
based on events from wpa_supplicant. The specified file will
114
be executed with the first argument set to interface name and
115
second to "CONNECT" or "DISCONNECT" depending on the event.
116
This can be used to execute networking tools required to configure
119
Additionally, three environmental variables are available to
120
the file: WPA_CTRL_DIR, WPA_ID, and WPA_ID_STR. WPA_CTRL_DIR
121
contains the absolute path to the ctrl_interface socket. WPA_ID
122
contains the unique network_id identifier assigned to the active
123
network, and WPA_ID_STR contains the content of the id_str option.
126
Set the location of the PID
130
Run a command. The available commands are
131
listed in the next section.
134
The following commands are available:
137
get current WPA/EAPOL/EAP status
140
get MIB variables (dot1x, dot11)
145
\fBinterface [ifname]\fR
146
show interfaces/select interface
148
\fBlevel <debug level>\fR
152
show full wpa_cli license
155
IEEE 802.1X EAPOL state machine logoff
158
IEEE 802.1X EAPOL state machine logon
161
set variables (shows list of variables when run without arguments)
170
force wpa_supplicant to re-read its configuration file
172
\fBpreauthenticate <BSSID>\fR
173
force preauthentication
175
\fBidentity <network id> <identity>\fR
176
configure identity for an SSID
178
\fBpassword <network id> <password>\fR
179
configure password for an SSID
181
\fBpin <network id> <pin>\fR
182
configure pin for an SSID
184
\fBotp <network id> <password>\fR
185
configure one-time-password for an SSID
187
\fBbssid <network id> <BSSID>\fR
188
set preferred BSSID for an SSID
191
list configured networks
194
terminate \fBwpa_supplicant\fR
200
\fBwpa_supplicant\fR(8)
203
wpa_supplicant is copyright (c) 2003-2007,
204
Jouni Malinen <j@w1.fi> and
208
This program is dual-licensed under both the GPL version 2
209
and BSD license. Either license may be used at your option.
added
removed
wpa_supplicant/doc/docbook/wpa_cli.8
