Skip to content

supplicant: increase the PMK lifetime for WPA-EAP

Beniamino Galvani requested to merge bg/wifi-pmk-lifetime into main

By default, wpa_supplicant sets these parameters according to the 802.11 standard:

  dot11RSNAConfigPMKLifetime = 43200 seconds (12 hours)
  dot11RSNAConfigPMKReauthThreshold = 70%

With these, the supplicant triggers a new EAP authentication every 8 hours and 24 minutes. If the network uses one-time secrets, the reauthentication fails and the supplicant disconnects. It doesn't seem desirable that the client starts a reauthentication so early; bump the lifetime to a week.

Currently, due to a bug, the new value is ignored by wpa_supplicant when set via D-Bus. This patch needs the fix at [1], not yet merged.

[1] http://lists.infradead.org/pipermail/hostap/2022-July/040664.html

Merge request reports