26
26
# global configuration (shared by all network blocks)
28
# Interface for separate control program. If this is specified, wpa_supplicant
29
# will create this directory and a UNIX domain socket for listening to requests
30
# from external programs (CLI/GUI, etc.) for status information and
31
# configuration. The socket file will be named based on the interface name, so
32
# multiple wpa_supplicant processes can be run at the same time if more than
33
# one interface is used.
28
# Parameters for the control interface. If this is specified, wpa_supplicant
29
# will open a control interface that is available for external programs to
30
# manage wpa_supplicant. The meaning of this string depends on which control
31
# interface mechanism is used. For all cases, the existance of this parameter
32
# in configuration is used to determine whether the control interface is
35
# For UNIX domain sockets (default on Linux and BSD): This is a directory that
36
# will be created for UNIX domain sockets for listening to requests from
37
# external programs (CLI/GUI, etc.) for status information and configuration.
38
# The socket file will be named based on the interface name, so multiple
39
# wpa_supplicant processes can be run at the same time if more than one
34
41
# /var/run/wpa_supplicant is the recommended directory for sockets and by
35
42
# default, wpa_cli will use it when trying to connect with wpa_supplicant.
36
ctrl_interface=/var/run/wpa_supplicant
38
44
# Access control for the control interface can be configured by setting the
39
45
# directory to allow only members of a group to use sockets. This way, it is
40
46
# possible to run wpa_supplicant as root (since it needs to change network
48
54
# not included in the configuration file, group will not be changed from the
49
55
# value it got by default when the directory or socket was created.
51
# This variable can be a group name or gid.
52
#ctrl_interface_group=wheel
53
ctrl_interface_group=0
57
# When configuring both the directory and group, use following format:
58
# DIR=/var/run/wpa_supplicant GROUP=wheel
59
# DIR=/var/run/wpa_supplicant GROUP=0
60
# (group can be either group name or gid)
62
# For UDP connections (default on Windows): The value will be ignored. This
63
# variable is just used to select that the control interface is to be created.
64
# The value can be set to, e.g., udp (ctrl_interface=udp)
66
# For Windows Named Pipe: This value can be used to set the security descriptor
67
# for controlling access to the control interface. Security descriptor can be
68
# set using Security Descriptor String Format (see http://msdn.microsoft.com/
69
# library/default.asp?url=/library/en-us/secauthz/security/
70
# security_descriptor_string_format.asp). The descriptor string needs to be
71
# prefixed with SDDL=. For example, ctrl_interface=SDDL=D: would set an empty
72
# DACL (which will reject all connections). See README-Windows.txt for more
73
# information about SDDL string format.
75
ctrl_interface=/var/run/wpa_supplicant
55
77
# IEEE 802.1X/EAPOL version
56
78
# wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which defines
94
116
# They are both from the opensc project (http://www.opensc.org/)
95
117
# By default no engines are loaded.
96
118
# make the opensc engine available
97
opensc_engine_path=/usr/lib/opensc/engine_opensc.so
119
#opensc_engine_path=/usr/lib/opensc/engine_opensc.so
98
120
# make the pkcs11 engine available
99
pkcs11_engine_path=/usr/lib/opensc/engine_pkcs11.so
121
#pkcs11_engine_path=/usr/lib/opensc/engine_pkcs11.so
100
122
# configure the path to the pkcs11 module required by the pkcs11 engine
101
pkcs11_module_path=/usr/lib/pkcs11/opensc-pkcs11.so
123
#pkcs11_module_path=/usr/lib/pkcs11/opensc-pkcs11.so
103
125
# Dynamic EAP methods
104
126
# If EAP methods were built dynamically as shared object files, they need to be
270
292
# On Windows, trusted CA certificates can be loaded from the system
271
293
# certificate store by setting this to cert_store://<name>, e.g.,
272
294
# ca_cert="cert_store://CA" or ca_cert="cert_store://ROOT".
295
# Note that when running wpa_supplicant as an application, the user
296
# certificate store (My user account) is used, whereas computer store
297
# (Computer account) is used when running wpasvc as a service.
273
298
# ca_path: Directory path for CA certificate files (PEM). This path may
274
299
# contain multiple CA certificates in OpenSSL format. Common use for this
275
300
# is to point to system trusted CA list which is often installed into
291
316
# cert://substring_to_match
292
317
# hash://certificate_thumbprint_in_hex
293
318
# for example: private_key="hash://63093aa9c47f56ae88334c7b65a4"
319
# Note that when running wpa_supplicant as an application, the user
320
# certificate store (My user account) is used, whereas computer store
321
# (Computer account) is used when running wpasvc as a service.
294
322
# Alternatively, a named configuration blob can be used by setting this
295
323
# to blob://<blob name>.
296
324
# private_key_passwd: Password for private key file (if left out, this will be