Alternatively you can use EAP-TLS and certificates to authenticate with the Radius server.

hostapd.conf

ca_cert=/conf/ssl/CA.pem
server_cert=/conf/ssl/crt.pem
private_key=/conf/ssl/key.pem