• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
2
3<refentry>
4  <refmeta>
5    <refentrytitle>wpa_supplicant</refentrytitle>
6    <manvolnum>8</manvolnum>
7  </refmeta>
8  <refnamediv>
9    <refname>wpa_supplicant</refname>
10    <refpurpose>Wi-Fi Protected Access client and IEEE 802.1X supplicant</refpurpose>
11  </refnamediv>
12  <refsynopsisdiv>
13    <cmdsynopsis>
14      <command>wpa_supplicant</command>
15      <arg>-BddfhKLqqtuvW</arg>
16      <arg>-i<replaceable>ifname</replaceable></arg>
17      <arg>-c<replaceable>config file</replaceable></arg>
18      <arg>-D<replaceable>driver</replaceable></arg>
19      <arg>-P<replaceable>PID_file</replaceable></arg>
20      <arg>-f<replaceable>output file</replaceable></arg>
21    </cmdsynopsis>
22  </refsynopsisdiv>
23  <refsect1>
24    <title>Overview</title>
25
26    <para>
27    Wireless networks do not require physical access to the network equipment
28    in the same way as wired networks. This makes it easier for unauthorized
29    users to passively monitor a network and capture all transmitted frames.
30    In addition, unauthorized use of the network is much easier. In many cases,
31    this can happen even without user's explicit knowledge since the wireless
32    LAN adapter may have been configured to automatically join any available
33    network.
34    </para>
35
36    <para>
37    Link-layer encryption can be used to provide a layer of security for
38    wireless networks. The original wireless LAN standard, IEEE 802.11,
39    included a simple encryption mechanism, WEP. However, that proved to
40    be flawed in many areas and network protected with WEP cannot be consider
41    secure. IEEE 802.1X authentication and frequently changed dynamic WEP keys
42    can be used to improve the network security, but even that has inherited
43    security issues due to the use of WEP for encryption. Wi-Fi Protected
44    Access and IEEE 802.11i amendment to the wireless LAN standard introduce
45    a much improvement mechanism for securing wireless networks. IEEE 802.11i
46    enabled networks that are using CCMP (encryption mechanism based on strong
47    cryptographic algorithm AES) can finally be called secure used for
48    applications which require efficient protection against unauthorized
49    access.
50    </para>
51
52    <para><command>wpa_supplicant</command> is an implementation of
53    the WPA Supplicant component, i.e., the part that runs in the
54    client stations. It implements WPA key negotiation with a WPA
55    Authenticator and EAP authentication with Authentication
56    Server. In addition, it controls the roaming and IEEE 802.11
57    authentication/association of the wireless LAN driver.</para>
58
59    <para><command>wpa_supplicant</command> is designed to be a
60    "daemon" program that runs in the background and acts as the
61    backend component controlling the wireless
62    connection. <command>wpa_supplicant</command> supports separate
63    frontend programs and an example text-based frontend,
64    <command>wpa_cli</command>, is included with
65    wpa_supplicant.</para>
66
67    <para>Before wpa_supplicant can do its work, the network interface
68    must be available.  That means that the physical device must be
69    present and enabled, and the driver for the device must be
70    loaded. The daemon will exit immediately if the device is not already
71    available.</para>
72
73    <para>After <command>wpa_supplicant</command> has configured the
74    network device, higher level configuration such as DHCP may
75    proceed.  There are a variety of ways to integrate wpa_supplicant
76    into a machine's networking scripts, a few of which are described
77    in sections below.</para>
78
79    <para>The following steps are used when associating with an AP
80    using WPA:</para>
81
82    <itemizedlist>
83      <listitem>
84	<para><command>wpa_supplicant</command> requests the kernel
85	driver to scan neighboring BSSes</para>
86      </listitem>
87
88      <listitem>
89	<para><command>wpa_supplicant</command> selects a BSS based on
90	its configuration</para>
91      </listitem>
92
93      <listitem>
94	<para><command>wpa_supplicant</command> requests the kernel
95        driver to associate with the chosen BSS</para>
96      </listitem>
97
98      <listitem>
99	<para>If WPA-EAP: integrated IEEE 802.1X Supplicant
100        completes EAP authentication with the
101        authentication server (proxied by the Authenticator in the
102        AP)</para>
103      </listitem>
104
105      <listitem>
106	<para>If WPA-EAP: master key is received from the IEEE 802.1X
107	Supplicant</para>
108      </listitem>
109
110      <listitem>
111	<para>If WPA-PSK: <command>wpa_supplicant</command> uses PSK
112	as the master session key</para>
113      </listitem>
114
115      <listitem>
116	<para><command>wpa_supplicant</command> completes WPA 4-Way
117        Handshake and Group Key Handshake with the Authenticator
118        (AP)</para>
119      </listitem>
120
121      <listitem>
122	<para><command>wpa_supplicant</command> configures encryption
123	keys for unicast and broadcast</para>
124      </listitem>
125
126      <listitem>
127	<para>normal data packets can be transmitted and received</para>
128      </listitem>
129    </itemizedlist>
130  </refsect1>
131
132  <refsect1>
133    <title>Supported Features</title>
134    <para>Supported WPA/IEEE 802.11i features:</para>
135    <itemizedlist>
136      <listitem>
137	<para>WPA-PSK ("WPA-Personal")</para>
138      </listitem>
139
140      <listitem>
141	<para>WPA with EAP (e.g., with RADIUS authentication server)
142       ("WPA-Enterprise") Following authentication methods are
143       supported with an integrate IEEE 802.1X Supplicant:</para>
144
145	<itemizedlist>
146	  <listitem>
147	    <para>EAP-TLS</para>
148	  </listitem>
149	</itemizedlist>
150
151	<itemizedlist>
152	  <listitem>
153	    <para>EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1)</para>
154	  </listitem>
155
156
157	  <listitem>
158	    <para>EAP-PEAP/TLS (both PEAPv0 and PEAPv1)</para>
159	  </listitem>
160
161	  <listitem>
162	    <para>EAP-PEAP/GTC (both PEAPv0 and PEAPv1)</para>
163	  </listitem>
164
165	  <listitem>
166	    <para>EAP-PEAP/OTP (both PEAPv0 and PEAPv1)</para>
167	  </listitem>
168
169	  <listitem>
170	    <para>EAP-PEAP/MD5-Challenge (both PEAPv0 and PEAPv1)</para>
171	  </listitem>
172
173	  <listitem>
174	    <para>EAP-TTLS/EAP-MD5-Challenge</para>
175	  </listitem>
176
177	  <listitem>
178	    <para>EAP-TTLS/EAP-GTC</para>
179	  </listitem>
180
181          <listitem><para>EAP-TTLS/EAP-OTP</para></listitem>
182
183          <listitem><para>EAP-TTLS/EAP-MSCHAPv2</para></listitem>
184
185          <listitem><para>EAP-TTLS/EAP-TLS</para></listitem>
186
187          <listitem><para>EAP-TTLS/MSCHAPv2</para></listitem>
188
189          <listitem><para>EAP-TTLS/MSCHAP</para></listitem>
190
191          <listitem><para>EAP-TTLS/PAP</para></listitem>
192
193          <listitem><para>EAP-TTLS/CHAP</para></listitem>
194
195          <listitem><para>EAP-SIM</para></listitem>
196
197          <listitem><para>EAP-AKA</para></listitem>
198
199          <listitem><para>EAP-PSK</para></listitem>
200
201          <listitem><para>EAP-PAX</para></listitem>
202
203          <listitem><para>LEAP (note: requires special support from
204          the driver for IEEE 802.11 authentication)</para></listitem>
205
206          <listitem><para>(following methods are supported, but since
207          they do not generate keying material, they cannot be used
208          with WPA or IEEE 802.1X WEP keying)</para></listitem>
209
210          <listitem><para>EAP-MD5-Challenge </para></listitem>
211
212          <listitem><para>EAP-MSCHAPv2</para></listitem>
213
214          <listitem><para>EAP-GTC</para></listitem>
215
216          <listitem><para>EAP-OTP</para></listitem>
217	</itemizedlist>
218      </listitem>
219
220      <listitem>
221	<para>key management for CCMP, TKIP, WEP104, WEP40</para>
222      </listitem>
223
224      <listitem>
225	<para>RSN/WPA2 (IEEE 802.11i)</para>
226	<itemizedlist>
227	  <listitem>
228	    <para>pre-authentication</para>
229	  </listitem>
230
231	  <listitem>
232	    <para>PMKSA caching</para>
233	  </listitem>
234	</itemizedlist>
235      </listitem>
236    </itemizedlist>
237  </refsect1>
238
239  <refsect1>
240    <title>Available Drivers</title>
241    <para>A summary of available driver backends is below. Support for each
242    of the driver backends is chosen at wpa_supplicant compile time. For a
243    list of supported driver backends that may be used with the -D option on
244    your system, refer to the help output of wpa_supplicant
245    (<emphasis>wpa_supplicant -h</emphasis>).</para>
246
247    <variablelist>
248      <varlistentry>
249	<term>hostap</term>
250	<listitem>
251	  <para>(default) Host AP driver (Intersil Prism2/2.5/3).
252  	  (this can also be used with Linuxant DriverLoader).</para>
253	</listitem>
254      </varlistentry>
255
256      <varlistentry>
257	<term>hermes</term>
258	<listitem>
259	  <para>Agere Systems Inc. driver (Hermes-I/Hermes-II).</para>
260	</listitem>
261      </varlistentry>
262
263      <varlistentry>
264	<term>madwifi</term>
265	<listitem>
266	  <para>MADWIFI 802.11 support (Atheros, etc.).</para>
267	</listitem>
268      </varlistentry>
269
270      <varlistentry>
271	<term>wext</term>
272	<listitem>
273	  <para>Linux wireless extensions (generic).</para>
274	</listitem>
275      </varlistentry>
276
277      <varlistentry>
278	<term>broadcom</term>
279	<listitem>
280	  <para>Broadcom wl.o driver.</para>
281	</listitem>
282      </varlistentry>
283
284      <varlistentry>
285	<term>wired</term>
286	<listitem>
287	  <para>wpa_supplicant wired Ethernet driver</para>
288	</listitem>
289      </varlistentry>
290
291      <varlistentry>
292	<term>roboswitch</term>
293	<listitem>
294	  <para>wpa_supplicant Broadcom switch driver</para>
295	</listitem>
296      </varlistentry>
297
298      <varlistentry>
299	<term>bsd</term>
300	<listitem>
301	  <para>BSD 802.11 support (Atheros, etc.).</para>
302	</listitem>
303      </varlistentry>
304
305      <varlistentry>
306	<term>ndis</term>
307	<listitem>
308	  <para>Windows NDIS driver.</para>
309	</listitem>
310      </varlistentry>
311    </variablelist>
312  </refsect1>
313
314  <refsect1>
315    <title>Command Line Options</title>
316    <para>Most command line options have global scope. Some are given per
317    interface, and are only valid if at least one <option>-i</option> option
318    is specified, otherwise they're ignored. Option groups for different
319    interfaces must be separated by <option>-N</option> option.</para>
320    <variablelist>
321      <varlistentry>
322	<term>-b br_ifname</term>
323	<listitem>
324	  <para>Optional bridge interface name. (Per interface)</para>
325	</listitem>
326      </varlistentry>
327
328      <varlistentry>
329	<term>-B</term>
330	<listitem>
331	  <para>Run daemon in the background.</para>
332	</listitem>
333      </varlistentry>
334
335      <varlistentry>
336	<term>-c filename</term>
337	<listitem>
338	  <para>Path to configuration file. (Per interface)</para>
339	</listitem>
340      </varlistentry>
341
342      <varlistentry>
343	<term>-C ctrl_interface</term>
344	<listitem>
345	  <para>Path to ctrl_interface socket (Per interface. Only used if
346		  <option>-c</option> is not).</para>
347	</listitem>
348      </varlistentry>
349
350      <varlistentry>
351	<term>-i ifname</term>
352	<listitem>
353	  <para>Interface to listen on. Multiple instances of this option can
354	  be present, one per interface, separated by <option>-N</option>
355	  option (see below).</para>
356	</listitem>
357      </varlistentry>
358
359      <varlistentry>
360	<term>-d</term>
361	<listitem>
362	  <para>Increase debugging verbosity (<option>-dd</option> even
363		  more).</para>
364	</listitem>
365      </varlistentry>
366
367      <varlistentry>
368	<term>-D driver</term>
369	<listitem>
370	  <para>Driver to use (can be multiple drivers: nl80211,wext).
371		  (Per interface, see the available options below.)</para>
372	</listitem>
373      </varlistentry>
374
375      <varlistentry>
376	<term>-f output file</term>
377	<listitem>
378	  <para>Log output to specified file instead of stdout.</para>
379	</listitem>
380      </varlistentry>
381
382      <varlistentry>
383	<term>-g global ctrl_interface</term>
384	<listitem>
385	  <para>Path to global ctrl_interface socket. If specified, interface
386	  definitions may be omitted.</para>
387	</listitem>
388      </varlistentry>
389
390      <varlistentry>
391	<term>-K</term>
392	<listitem>
393	  <para>Include keys (passwords, etc.) in debug output.</para>
394	</listitem>
395      </varlistentry>
396
397      <varlistentry>
398	<term>-t</term>
399	<listitem>
400	  <para>Include timestamp in debug messages.</para>
401	</listitem>
402      </varlistentry>
403
404      <varlistentry>
405	<term>-h</term>
406	<listitem>
407	  <para>Help.  Show a usage message.</para>
408	</listitem>
409      </varlistentry>
410
411      <varlistentry>
412	<term>-L</term>
413	<listitem>
414	  <para>Show license (GPL and BSD).</para>
415	</listitem>
416      </varlistentry>
417
418      <varlistentry>
419	<term>-p</term>
420	<listitem>
421	  <para>Driver parameters. (Per interface)</para>
422	</listitem>
423      </varlistentry>
424
425      <varlistentry>
426	<term>-P PID_file</term>
427	<listitem>
428	  <para>Path to PID file.</para>
429	</listitem>
430      </varlistentry>
431
432      <varlistentry>
433	<term>-q</term>
434	<listitem>
435	  <para>Decrease debugging verbosity (<option>-qq</option> even
436		  less).</para>
437	</listitem>
438      </varlistentry>
439
440      <varlistentry>
441	<term>-u</term>
442	<listitem>
443	  <para>Enabled DBus control interface. If enabled, interface
444	  definitions may be omitted.</para>
445	</listitem>
446      </varlistentry>
447
448      <varlistentry>
449	<term>-v</term>
450	<listitem>
451	  <para>Show version.</para>
452	</listitem>
453      </varlistentry>
454
455      <varlistentry>
456	<term>-W</term>
457	<listitem>
458	  <para>Wait for a control interface monitor before starting.</para>
459	</listitem>
460      </varlistentry>
461
462      <varlistentry>
463	<term>-N</term>
464	<listitem>
465	  <para>Start describing new interface.</para>
466	</listitem>
467      </varlistentry>
468    </variablelist>
469  </refsect1>
470
471  <refsect1>
472    <title>Examples</title>
473
474    <para>In most common cases, <command>wpa_supplicant</command> is
475    started with:</para>
476
477<blockquote><programlisting>
478wpa_supplicant -B -c/etc/wpa_supplicant.conf -iwlan0
479</programlisting></blockquote>
480
481    <para>This makes the process fork into background.</para>
482
483    <para>The easiest way to debug problems, and to get debug log for
484    bug reports, is to start <command>wpa_supplicant</command> on
485    foreground with debugging enabled:</para>
486
487<blockquote><programlisting>
488wpa_supplicant -c/etc/wpa_supplicant.conf -iwlan0 -d
489</programlisting></blockquote>
490
491    <para>If the specific driver wrapper is not known beforehand, it is
492    possible to specify multiple comma separated driver wrappers on the command
493    line. <command>wpa_supplicant</command> will use the first driver
494    wrapper that is able to initialize the interface.</para>
495
496<blockquote><programlisting>
497wpa_supplicant -Dnl80211,wext -c/etc/wpa_supplicant.conf -iwlan0
498</programlisting></blockquote>
499
500    <para><command>wpa_supplicant</command> can control multiple
501    interfaces (radios) either by running one process for each
502    interface separately or by running just one process and list of
503    options at command line. Each interface is separated with -N
504    argument. As an example, following command would start
505    wpa_supplicant for two interfaces:</para>
506
507<blockquote><programlisting>
508wpa_supplicant \
509	-c wpa1.conf -i wlan0 -D hostap -N \
510	-c wpa2.conf -i ath0 -D madwifi
511</programlisting></blockquote>
512  </refsect1>
513
514  <refsect1>
515    <title>OS Requirements</title>
516    <para>Current hardware/software requirements:</para>
517
518    <itemizedlist>
519      <listitem>
520	<para>Linux kernel 2.4.x or 2.6.x with Linux Wireless
521	Extensions v15 or newer</para>
522      </listitem>
523
524
525      <listitem>
526	<para>FreeBSD 6-CURRENT</para>
527      </listitem>
528
529      <listitem>
530	<para>Microsoft Windows with WinPcap (at least WinXP, may work
531	with other versions)</para>
532      </listitem>
533    </itemizedlist>
534  </refsect1>
535
536  <refsect1>
537    <title>Supported Drivers</title>
538    <variablelist>
539      <varlistentry>
540	<term>Host AP driver for Prism2/2.5/3 (development
541	snapshot/v0.2.x)</term>
542	<listitem>
543	  <para> (http://hostap.epitest.fi/) Driver needs to be set in
544	  Managed mode (<emphasis>iwconfig wlan0 mode managed</emphasis>).
545	  Please note that station firmware version needs to be 1.7.0 or
546	  newer to work in WPA mode.</para>
547	</listitem>
548      </varlistentry>
549
550      <varlistentry>
551	<term>Linuxant DriverLoader</term>
552	<listitem>
553	  <para>(http://www.linuxant.com/driverloader/)
554	with Windows NDIS driver for your wlan card supporting WPA.</para>
555	</listitem>
556      </varlistentry>
557
558      <varlistentry>
559	<term>Agere Systems Inc. Linux Driver</term>
560	<listitem>
561	  <para> (http://www.agere.com/support/drivers/) Please note
562	that the driver interface file (driver_hermes.c) and hardware
563	specific include files are not included in the wpa_supplicant
564	distribution. You will need to copy these from the source
565	package of the Agere driver.</para>
566	</listitem>
567      </varlistentry>
568
569      <varlistentry>
570	<term>madwifi driver for cards based on Atheros chip set (ar521x)</term>
571	<listitem>
572	  <para> (http://sourceforge.net/projects/madwifi/) Please
573	note that you will need to modify the wpa_supplicant .config
574	file to use the correct path for the madwifi driver root
575	directory (CFLAGS += -I../madwifi/wpa line in example
576	defconfig).</para>
577	</listitem>
578      </varlistentry>
579
580      <varlistentry>
581	<term>Linux ndiswrapper</term>
582	<listitem>
583	  <para> (http://ndiswrapper.sourceforge.net/) with Windows
584	NDIS driver.</para>
585	</listitem>
586      </varlistentry>
587
588      <varlistentry>
589	<term>Broadcom wl.o driver</term>
590	<listitem>
591	  <para> This is a generic Linux driver for Broadcom IEEE
592	802.11a/g cards.  However, it is proprietary driver that is
593	not publicly available except for couple of exceptions, mainly
594	Broadcom-based APs/wireless routers that use Linux. The driver
595	binary can be downloaded, e.g., from Linksys support site
596	(http://www.linksys.com/support/gpl.asp) for Linksys
597	WRT54G. The GPL tarball includes cross-compiler and the needed
598	header file, wlioctl.h, for compiling wpa_supplicant.  This
599	driver support in wpa_supplicant is expected to work also with
600	other devices based on Broadcom driver (assuming the driver
601	includes client mode support).</para>
602	</listitem>
603      </varlistentry>
604
605      <varlistentry>
606	<term> Intel ipw2100 driver</term>
607	<listitem>
608	  <para> (http://sourceforge.net/projects/ipw2100/)</para>
609	</listitem>
610      </varlistentry>
611
612      <varlistentry>
613	<term>Intel ipw2200 driver</term>
614	<listitem>
615	  <para> (http://sourceforge.net/projects/ipw2200/)</para>
616	</listitem>
617      </varlistentry>
618
619      <varlistentry>
620	<term>Linux wireless extensions</term>
621	<listitem>
622	  <para>In theory, any driver that supports Linux wireless
623	extensions can be used with IEEE 802.1X (i.e., not WPA) when
624	using ap_scan=0 option in configuration file.</para>
625	</listitem>
626      </varlistentry>
627
628      <varlistentry>
629	<term>Wired Ethernet drivers</term>
630	<listitem>
631	  <para>Use ap_scan=0.</para>
632	</listitem>
633      </varlistentry>
634
635      <varlistentry>
636	<term>BSD net80211 layer (e.g., Atheros driver)</term>
637	<listitem>
638	  <para>At the moment, this is for FreeBSD 6-CURRENT branch.</para>
639	</listitem>
640      </varlistentry>
641
642      <varlistentry>
643	<term>Windows NDIS</term>
644	<listitem>
645	  <para>The current Windows port requires WinPcap
646	(http://winpcap.polito.it/).  See README-Windows.txt for more
647	information.</para>
648	</listitem>
649      </varlistentry>
650    </variablelist>
651
652
653    <para>wpa_supplicant was designed to be portable for different
654    drivers and operating systems. Hopefully, support for more wlan
655    cards and OSes will be added in the future. See developer.txt for
656    more information about the design of wpa_supplicant and porting to
657    other drivers. One main goal is to add full WPA/WPA2 support to
658    Linux wireless extensions to allow new drivers to be supported
659    without having to implement new driver-specific interface code in
660    wpa_supplicant.</para>
661  </refsect1>
662
663  <refsect1>
664    <title>Architecture</title> <para>The
665    <command>wpa_supplicant</command> system consists of the following
666    components:</para>
667
668    <variablelist>
669      <varlistentry>
670	<term><filename>wpa_supplicant.conf</filename> </term>
671	<listitem>
672        <para>the configuration file describing all networks that the
673        user wants the computer to connect to.  </para>
674	</listitem>
675      </varlistentry>
676      <varlistentry>
677	<term><command>wpa_supplicant</command></term>
678        <listitem><para>the program that directly interacts with the
679        network interface.  </para></listitem>
680      </varlistentry>
681      <varlistentry>
682	<term><command>wpa_cli</command></term> <listitem><para> the
683	client program that provides a high-level interface to the
684	functionality of the daemon.  </para></listitem>
685      </varlistentry>
686      <varlistentry>
687	<term><command>wpa_passphrase</command></term>
688        <listitem><para>a utility needed to construct
689        <filename>wpa_supplicant.conf</filename> files that include
690        encrypted passwords.</para></listitem>
691      </varlistentry>
692    </variablelist>
693  </refsect1>
694
695  <refsect1>
696    <title>Quick Start</title>
697
698    <para>First, make a configuration file, e.g.
699    <filename>/etc/wpa_supplicant.conf</filename>, that describes the networks
700    you are interested in.  See <citerefentry>
701	<refentrytitle>wpa_supplicant.conf</refentrytitle>
702	<manvolnum>5</manvolnum>
703      </citerefentry>
704    for details.</para>
705
706    <para>Once the configuration is ready, you can test whether the
707    configuration works by running <command>wpa_supplicant</command>
708    with following command to start it on foreground with debugging
709    enabled:</para>
710
711    <blockquote><programlisting>
712wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -d
713    </programlisting></blockquote>
714
715    <para>Assuming everything goes fine, you can start using following
716    command to start <command>wpa_supplicant</command> on background
717    without debugging:</para>
718
719    <blockquote><programlisting>
720wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -B
721    </programlisting></blockquote>
722
723    <para>Please note that if you included more than one driver
724    interface in the build time configuration (.config), you may need
725    to specify which interface to use by including -D&lt;driver
726    name&gt; option on the command line.</para>
727
728    <!-- XXX at this point, the page could include a little script
729         based on wpa_cli to wait for a connection and then run
730         dhclient -->
731
732  </refsect1>
733
734  <refsect1>
735    <title>Interface to pcmcia-cs/cardmrg</title>
736
737    <para>For example, following small changes to pcmcia-cs scripts
738    can be used to enable WPA support:</para>
739
740    <para>Add MODE="Managed" and WPA="y" to the network scheme in
741    <filename>/etc/pcmcia/wireless.opts</filename>.</para>
742
743    <para>Add the following block to the end of <emphasis>start</emphasis>
744    action handler in <filename>/etc/pcmcia/wireless</filename>:</para>
745
746    <blockquote><programlisting>
747if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
748    /usr/local/bin/wpa_supplicant -B -c/etc/wpa_supplicant.conf -i$DEVICE
749fi
750    </programlisting></blockquote>
751
752
753    <para>Add the following block to the end of <emphasis>stop</emphasis>
754    action handler (may need to be separated from other actions) in
755    <filename>/etc/pcmcia/wireless</filename>:</para>
756
757    <blockquote><programlisting>
758if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
759    killall wpa_supplicant
760fi
761    </programlisting></blockquote>
762
763    <para>This will make <command>cardmgr</command> start
764    <command>wpa_supplicant</command> when the card is plugged
765    in.</para>
766  </refsect1>
767
768  <refsect1>
769    <title>See Also</title>
770    <para>
771      <citerefentry>
772	<refentrytitle>wpa_background</refentrytitle>
773	<manvolnum>8</manvolnum>
774      </citerefentry>
775      <citerefentry>
776	<refentrytitle>wpa_supplicant.conf</refentrytitle>
777	<manvolnum>5</manvolnum>
778      </citerefentry>
779      <citerefentry>
780	<refentrytitle>wpa_cli</refentrytitle>
781	<manvolnum>8</manvolnum>
782      </citerefentry>
783      <citerefentry>
784	<refentrytitle>wpa_passphrase</refentrytitle>
785	<manvolnum>8</manvolnum>
786      </citerefentry>
787    </para>
788  </refsect1>
789  <refsect1>
790    <title>Legal</title>
791    <para>wpa_supplicant is copyright (c) 2003-2007,
792    Jouni Malinen <email>j@w1.fi</email> and
793    contributors.
794    All Rights Reserved.</para>
795
796    <para>This program is dual-licensed under both the GPL version 2
797    and BSD license. Either license may be used at your option.</para>
798  </refsect1>
799</refentry>
800