WPA_CLI(8) MidnightBSD System Manager’s Manual WPA_CLI(8)
wpa_cli — text-based frontend program for interacting with wpa_supplicant
The wpa_cli utility is a text-based frontend program for interacting with wpa_supplicant(8). It is used to query current status, change configuration, trigger events, and request interactive user input.
The wpa_cli utility can show the current authentication status, selected security mode, dot11 and dot1x MIBs, etc. In addition, wpa_cli can configure EAPOL state machine parameters and trigger events such as reassociation and IEEE 802.1X logoff/logon.
The wpa_cli utility provides an interface to supply authentication information such as username and password when it is not provided in the wpa_supplicant.conf(5) configuration file. This can be used, for example, to implement one-time passwords or generic token card authentication where the authentication is based on a challenge-response that uses an external device for generating the response.
The wpa_cli utility supports two modes: interactive and command line. Both modes share the same command set and the main difference is in interactive mode providing access to unsolicited messages (event messages, username/password requests).
Interactive mode is started when wpa_cli is executed without any parameters on the command line. Commands are then entered from the controlling terminal in response to the wpa_cli prompt. In command line mode, the same commands are entered as command line arguments.
The control interface of wpa_supplicant(8) can be configured to allow non-root user access by using the ctrl_interface_group parameter in the wpa_supplicant.conf(5) configuration file. This makes it possible to run wpa_cli with a normal user account.
When wpa_supplicant(8) needs authentication parameters, such as username and password, that are not present in the configuration file, it sends a request message to all attached frontend programs, e.g., wpa_cli in interactive mode. The wpa_cli utility shows these requests with a ‘‘CTRL-REQ-〈
id 〉:〈text〉’’ prefix, where 〈type〉 is IDENTITY, PASSWORD, or OTP (One-Time Password), 〈id〉 is a unique identifier for the current network, 〈text〉 is a description of the request. In the case of an OTP (One-Time Password) request, it includes the challenge from the authentication server.
A user must supply wpa_supplicant(8) the needed parameters in response to these requests.
CTRL-REQ-PASSWORD-1:Password needed for SSID foobar
> password 1 mysecretpassword
Example request for generic token card challenge-response:
CTRL-REQ-OTP-2:Challenge 1235663 needed for SSID foobar
> otp 2 9876
The following commands may be supplied on the command line or at a prompt when operating interactively.
Report the current WPA/EAPOL/EAP status for the current interface.
Report MIB variables (dot1x, dot11) for the current interface.
Show usage help.
Show available interfaces and/or set the current interface when multiple are available.
Change the debugging level in wpa_supplicant(8). Larger numbers generate more messages.
Display the full license for wpa_cli.
Send the IEEE 802.1X EAPOL state machine into the ‘‘logoff’’ state.
Send the IEEE 802.1X EAPOL state machine into the ‘‘logon’’ state.
Set variables. When no arguments are supplied, the known variables and their settings are displayed.
Show the contents of the PMKSA cache.
Force a reassociation to the current access point.
Force wpa_supplicant(8) to re-read its configuration file.
Force preauthentication of the specified BSSID.
identity network_id identity
Configure an identity for an SSID.
password network_id password
Configure a password for an SSID.
otp network_id password
Configure a one-time password for an SSID.
Force wpa_supplicant(8) to terminate.
The wpa_cli utility first appeared in FreeBSD 6.0.
The wpa_cli utility was written by Jouni Malinen 〈email@example.com〉. This manual page is derived from the README file included in the wpa_supplicant distribution.
MidnightBSD 0.3 June 16, 2005 MidnightBSD 0.3