The wpa_cli utility can show the current authentication status, selected security mode, dot11 and dot1x MIBs, etc. In addition, wpa_cli can configure EAPOL state machine parameters and trigger events such as reassociation and IEEE 802.1X logoff/logon.
The wpa_cli utility provides an interface to supply authentication information such as username and password when it is not provided in the wpa_supplicant.conf(5) configuration file. This can be used, for example, to implement one-time passwords or generic token card authentication where the authentication is based on a challenge-response that uses an external device for generating the response.
The wpa_cli utility supports two modes: interactive and command line. Both modes share the same command set and the main difference is that in interactive mode, wpa_cli provides access to unsolicited messages (event messages, username/password requests).
Interactive mode is started when wpa_cli is executed without any parameters on the command line. Commands are then entered from the controlling terminal in response to the wpa_cli prompt. In command line mode, the same commands are entered as command line arguments.
The control interface of wpa_supplicant(8) can be configured to allow non-root user access by using the ctrl_interface_group parameter in the wpa_supplicant.conf(5) configuration file. This makes it possible to run wpa_cli with a normal user account.
CTRL-REQ-
type<.blm Pp
-
id<.blm Pp
<:text > >>''
prefix, where
<type>
is
IDENTITY
, PASSWORD
,
or
OTP
(one-time password),
<id>
is a unique identifier for the current network, and
<text>
is description of the request.
In the case of a
OTP
(One Time Password) request,
it includes the challenge from the authentication server.
A user must supply wpa_supplicant(8) the needed parameters in response to these requests.
For example,
CTRL-REQ-PASSWORD-1:Password needed for SSID foobar
> password 1 mysecretpassword
Example request for generic token card challenge-response:
CTRL-REQ-OTP-2:Challenge 1235663 needed for SSID foobar
> otp 2 9876
README
file included in the
wpa_supplicant
distribution.