Re: 2 questions...



On Tue, 2005-07-26 at 12:58 -0400, warlord wrote:
> Quoting Colin Walters <walters verbum org>:
> 
> >> Having to restart gaim or psi or other apps because there's a
> >> race condition between login and network startup?
> 
> You ignored this issue...

I ignored it because Dan answered it: all applications have to handle
network unavailability at any time.

> Because I don't want my kerberos password cached.. Anywhere.. Anytime.  

What is the threat, exactly?  Laptop theft?  In that case, since the
password is only cached in memory, as soon the thief reboots the laptop,
the password is gone.  Note also that we could clear the password from
the memory cache on suspend; when you unsuspend the screensaver comes
up, and we regenerate the memory cache from that.

>  It only knows my keys derived from my 
> password. But honestly I'm sorry I brought up Kerberos -- it's 
> detracting from the real
> issue which is that Wireless and Wired networks are treated differently during
> the startup sequence.

I answered this elsewhere; they aren't really.

> Who said anything about requiring users to "SysAdmin type things"?  I 
> never did.

You said:

"Meanwhile, storing network passwords in a place that only root/NM
can get to it?"

I interpreted that as requiring a root password to change.

> I've ALWAYS said that NM should remember the preferences globally instead of
> storing them in nm-applet.  

I don't think we want to do that as we do want to support the multiuser
laptop case.  Imagine a family with a father and a daughter.  The father
takes the laptop to work and logs into the corporate wireless network
and VPN.  The daughter wants to use the laptop at home.  The daughter
really likes to install lots of random software from the internet.

If the networks are per-user, malware installed in the daughter's
account can't email the father's network passwords and VPN configuration
to the world.  So I think we should keep strong separation between users
wherever possible, and in this case, we can.

> I agree that any time an end user needs the root password we have failed.  I
> certainly don't want to have to type that just to connect to a new/different
> wireless network.  OTOH I *DO* want the wireless network to come up on its own
> BEFORE I LOGIN if it's a network I've ever seen before (or an open network).

Again, every application has to handle the case where you power on your
laptop without any network connectivity at all, and know what to do when
it comes back or vanishes.  The only reason to start before login would
be the implementation detail of letting pam_krb5 talk to the Kerberos
server, and we already came up with a solution for that with ccreds and
krb5-auth-dialog.

Attachment: signature.asc
Description: This is a digitally signed message part



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]