Re: Phase2 patch



On Fri, 2007-01-26 at 23:57 +0000, Volker Braun wrote:
> Dear List,
> 
> Here is a patch against 0.6.4 to configure the most common phase2
> options. Almost all of it was written by Stefan Schmidt <stefan at
> datenfreihafen.org>, I just fixed some remaining bugs:
> 
> http://carrot.hep.upenn.edu/~vbraun/phase2.patch

Quick note; patch looks great!  But I've got a longer, slightly more
depressing reply to this that I'm still working on.  The short answer is
that the UI bits are great, but we need to ensure backwards compat with
the libnm-util C ABI and the NM DBus API.  But I think I've got a handle
on that, and that it's possible, although ugly.

Dan

> (Actually, it is a patch against what is in the FC6 srpm, which apparently
> is some cvs version from August and patches. Sorry for that, but I promise
> to rediff it if requested)
> 
> Now I know that adding another option to the WPA Enterprise dialog is
> not going to yield any praise, but on the other hand it makes it
> useful for me (Dynamic WEP + phase2 PAP). I know that the whole
> dialog has to become smarter, but some phase2 options ought to
> stay.
> 
> This patch is my main reason for posting this, but while I'm at it here
> are two more topics:
> 
> 
> ==== 1) WPA Enterprise passwords not saved to keyring ====
> 
> There are two "secrets" in the WPA Enterprise dialog: The password and
> the passphrase for the private key. Only the latter is stored in the
> gnome-keyring.
> 
> What's really broken is, of course, the dialog: you either have a
> password or a private key. A dirty hack would be to at least store the
> password in the gnome-keyring and disable the private key
> passphrase (who uses that? %-) for now.
> 
> 
> ==== 2) Ramblings on how the dialog ought to be ====
> 
> Finally, some ideas on how the network dialog should be. This is
> complete fiction and really an invitation for discussion:
> 
> "Dynamic WEP" under "WPA Enterprise" is confusing. The "Wireless
> Security" combobox should be like this:
> 
>   None
>   WEP 128-bit Passphrase
>   WEP 64/128-bit Hex
>   WEP 64/128-bit ASCII
>   Dynamic WEP
>   WPA Personal
>   WPA Enterprise
>   WPA2 Personal
>   WPA2 Enterprise
> 
> The "WPAx Enterprise" should allow for the EAP types that are included
> in the wifi certification, they are bound to show up in actual
> installations. So the "EAP Method" combobox should be
> 
>   EAP-TLS
>   EAP-TTLS/MSCHAPv2
>   PEAPv0/EAP-MSCHAPv2
>   PEAPv1/EAP-GTC
>   EAP-SIM
>   EAP-LEAP
> 
> When choosing "EAP-TTLS/MSCHAPv2", for example, then automatically
> phase2="auth=MSCHAPv2" is passed, and no extra phase2 box is
> needed. Likewise, only the authentication that makes sense for the
> given EAP type appears in the dialog. So if one selects "EAP-TLS" the
> remaining dialog asks for the private certificate, whereas if one
> selects "EAP-TTLS/MSCHAPv2" then the remaining dialog is
> anon_identity, identity, password only.
> 
> The ca_cert and ca2_cert are automatically set to be the usual root
> certificate (which ought to be already in the distro
> somewhere, FC6: /etc/pki/tls/cert.pem). Distro packages depend on this
> file (FC6: depends already on openssl which owns the cert.pem).
> 
> Thanks for reading my ramblings :-)
> Volker
> 
> _______________________________________________
> NetworkManager-list mailing list
> NetworkManager-list gnome org
> http://mail.gnome.org/mailman/listinfo/networkmanager-list
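
The method-to-settings mapping proposed in the quoted message, written out as an added example (not code from this thread, the patch, or NetworkManager): one table turns a combined "EAP Method" label into eap/phase1/phase2 values, decides which credential fields are used, and always sets ca_cert. Assumptions: the output is rendered as wpa_supplicant.conf-style fields, `struct creds`, `build_eap_block` and the `F_*` flags are hypothetical names, only four of the six listed methods are covered, and the PEAP phase1/phase2 values are chosen here rather than taken from the message.

```c
#include <stdio.h>
#include <string.h>

/* Credential fields a method uses; the dialog would show only these. */
enum { F_IDENTITY = 1, F_ANON = 2, F_PASSWORD = 4, F_CLIENT_KEY = 8 };
struct eap_choice { const char *label, *eap, *phase1, *phase2; unsigned fields; };

/* Combobox label -> wpa_supplicant values (wpa_supplicant.conf spells it MSCHAPV2). */
static const struct eap_choice choices[] = {
    { "EAP-TLS",             "TLS",  NULL,        NULL,            F_IDENTITY | F_CLIENT_KEY },
    { "EAP-TTLS/MSCHAPv2",   "TTLS", NULL,        "auth=MSCHAPV2", F_IDENTITY | F_ANON | F_PASSWORD },
    { "PEAPv0/EAP-MSCHAPv2", "PEAP", "peapver=0", "auth=MSCHAPV2", F_IDENTITY | F_ANON | F_PASSWORD },
    { "PEAPv1/EAP-GTC",      "PEAP", "peapver=1", "auth=GTC",      F_IDENTITY | F_ANON | F_PASSWORD },
};

/* Hypothetical container for what the dialog collected; NULL means "not entered". */
struct creds { const char *identity, *anon, *password, *client_cert, *private_key, *ca_cert; };

/* Append key="value"; conservatively refuse characters that could end the quoted string
 * or start a new config line, so a credential can never inject another setting. */
static int put(char *out, size_t n, const char *key, const char *val)
{
    size_t used = strlen(out);
    if (!val || strpbrk(val, "\"\r\n")) return -1;
    int w = snprintf(out + used, n - used, "  %s=\"%s\"\n", key, val);
    return (w < 0 || (size_t)w >= n - used) ? -1 : 0;
}

/* Returns 0 and fills out; -1 for an unknown method; -2 for a missing or unsafe field
 * (the caller must discard out in that case). */
int build_eap_block(const char *label, const struct creds *c, char *out, size_t n)
{
    const struct eap_choice *m = NULL;
    for (size_t i = 0; i < sizeof choices / sizeof choices[0]; i++)
        if (strcmp(choices[i].label, label) == 0) m = &choices[i];
    if (!m || n == 0) return -1;
    /* Never emit a block without ca_cert: default to the FC6 path named in the message. */
    const char *ca = c->ca_cert ? c->ca_cert : "/etc/pki/tls/cert.pem";
    int w = snprintf(out, n, "  eap=%s\n", m->eap);
    int bad = (w < 0 || (size_t)w >= n);
    bad |= put(out, n, "ca_cert", ca);
    if (m->phase1) bad |= put(out, n, "phase1", m->phase1);
    if (m->phase2) bad |= put(out, n, "phase2", m->phase2);
    if (m->fields & F_IDENTITY) bad |= put(out, n, "identity", c->identity);
    if ((m->fields & F_ANON) && c->anon) bad |= put(out, n, "anonymous_identity", c->anon);
    if (m->fields & F_PASSWORD) bad |= put(out, n, "password", c->password);
    if (m->fields & F_CLIENT_KEY) {
        bad |= put(out, n, "client_cert", c->client_cert);
        bad |= put(out, n, "private_key", c->private_key);
    }
    return bad ? -2 : 0;
}
```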



