--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -3154,6 +3154,8 @@ static int hostapd_config_fill(struct ho
 		bss->ft_psk_generate_local = atoi(pos);
 	} else if (os_strcmp(buf, "ft_l2_refresh") == 0) {
 		bss->ft_l2_refresh = atoi(pos);
+	} else if (os_strcmp(buf, "ft_key") == 0) {
+		strncpy(bss->ft_key, pos, sizeof(bss->ft_key));
 #endif /* CONFIG_IEEE80211R_AP */
 #ifndef CONFIG_NO_CTRL_IFACE
 	} else if (os_strcmp(buf, "ctrl_interface") == 0) {
@@ -4996,8 +4998,22 @@ struct hostapd_config * hostapd_config_r
 
 	fclose(f);
 
-	for (i = 0; i < conf->num_bss; i++)
+	for (i = 0; i < conf->num_bss; i++) {
+		if (*conf->bss[i]->ft_key) {
+			u8 buffer[128];
+			sprintf(buffer, "%02X:%02X:%02X:%02X:%02X:%02X %02X%02X%02X%02X%02X%02X %s", MAC2STR(conf->bss[i]->bssid), MAC2STR(conf->bss[i]->bssid), conf->bss[i]->ft_key);
+			add_r0kh(conf->bss[i], buffer);
+			sprintf(buffer, "%02X:%02X:%02X:%02X:%02X:%02X %02X:%02X:%02X:%02X:%02X:%02X %s", MAC2STR(conf->bss[i]->bssid), MAC2STR(conf->bss[i]->bssid), conf->bss[i]->ft_key);
+			add_r1kh(conf->bss[i], buffer);
+			sprintf(buffer, "ff:ff:ff:ff:ff:ff * %s", conf->bss[i]->ft_key);
+			add_r0kh(conf->bss[i], buffer);
+			sprintf(buffer, "00:00:00:00:00:00 00:00:00:00:00:00 %s", conf->bss[i]->ft_key);
+			add_r1kh(conf->bss[i], buffer);
+			hexstr2bin(conf->bss[i]->bssid, conf->bss[i]->r1_key_holder, FT_R1KH_ID_LEN); 
+			conf->bss[i]->r0_key_holder_bssid = 1;
+		}
 		hostapd_set_security_params(conf->bss[i], 1);
+	}
 
 	if (hostapd_config_check(conf, 1))
 		errors++;
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -403,6 +403,7 @@ struct hostapd_bss_config {
 	int ft_psk_generate_local;
 	int ft_l2_refresh;
 	int r1_max_key_lifetime;
+	u8 ft_key[65];
 #endif /* CONFIG_IEEE80211R_AP */
 
 	char *ctrl_interface; /* directory for UNIX domain sockets */
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -390,6 +390,7 @@ struct hostapd_bss_config {
 	/* IEEE 802.11r - Fast BSS Transition */
 	u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
 	u8 r1_key_holder[FT_R1KH_ID_LEN];
+	int r0_key_holder_bssid;
 	u32 r0_key_lifetime; /* PMK-R0 lifetime seconds */
 	int rkh_pos_timeout;
 	int rkh_neg_timeout;
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -80,7 +80,10 @@ static void hostapd_wpa_auth_conf(struct
 	os_memcpy(wconf->ssid, conf->ssid.ssid, wconf->ssid_len);
 	os_memcpy(wconf->mobility_domain, conf->mobility_domain,
 		  MOBILITY_DOMAIN_ID_LEN);
-	if (conf->nas_identifier &&
+	if (1 || conf->r0_key_holder_bssid) {
+		sprintf(wconf->r0_key_holder, "%02X%02X%02X%02X%02X%02X", MAC2STR(conf->bssid));
+		wconf->r0_key_holder_len = 12;
+	} else if (conf->nas_identifier &&
 	    os_strlen(conf->nas_identifier) <= FT_R0KH_ID_MAX_LEN) {
 		wconf->r0_key_holder_len = os_strlen(conf->nas_identifier);
 		os_memcpy(wconf->r0_key_holder, conf->nas_identifier,