Re: "login" keyring

From: Dan Williams <dcbw redhat com>
To: Giovanni Lovato <giovanni lovato aldu net>
Cc: NetworkManager-list gnome org
Subject: Re: "login" keyring
Date: Tue, 16 Oct 2007 17:55:21 -0400

On Tue, 2007-10-16 at 23:25 +0200, Giovanni Lovato wrote:
> Dan Williams wrote:
> > On Tue, 2007-10-16 at 18:04 +0200, Giovanni Lovato wrote:
> >> Dan Williams wrote:
> >> [CUT]
> >>>> Reading log files I guess my keyring is being unlocked correctly:
> >>>>
> >>>> gdm[6175]: pam_unix(gdm:session): session opened for user giovanni by
> >>>> (uid=0)
> >>>> gdm[6175]: gkr-pam: unlocked 'login' keyring
> >>>>
> >>>> And it seems also NM is receiving the key:
> >>>>
> >>>> <info>  Activation (wlan0) Stage 1 of 5 (Device Prepare) scheduled...
> >>>> <info>  Activation (wlan0) Stage 1 of 5 (Device Prepare) started...
> >>>> <info>  Activation (wlan0) Stage 2 of 5 (Device Configure) scheduled...
> >>>> <info>  Activation (wlan0) Stage 1 of 5 (Device Prepare) complete.
> >>>> <info>  Activation (wlan0) Stage 2 of 5 (Device Configure) starting...
> >>>> <info>  Activation (wlan0/wireless): access point 'Laurelin' is 
> >>>> encrypted, but NO valid key exists.  New key needed.
> >>>> <info>  Activation (wlan0) New wireless user key requested for network 
> >>>> 'Laurelin'.
> >>>> <info>  Activation (wlan0) Stage 2 of 5 (Device Configure) complete.
> >>>> <info>  Activation (wlan0) New wireless user key for network 'Laurelin' 
> >>>> received.
> >>>> <info>  Activation (wlan0) Stage 1 of 5 (Device Prepare) scheduled...
> >>>> <info>  Activation (wlan0) Stage 1 of 5 (Device Prepare) started...
> >>>> <info>  Activation (wlan0) Stage 2 of 5 (Device Configure) scheduled...
> >>>> <info>  Activation (wlan0) Stage 1 of 5 (Device Prepare) complete.
> >>>> <info>  Activation (wlan0) Stage 2 of 5 (Device Configure) starting...
> >>>> <info>  Activation (wlan0/wireless): access point 'Laurelin' is 
> >>>> encrypted, but NO valid key exists.  New key needed.
> >>>> <info>  Activation (wlan0) New wireless user key requested for network 
> >>>> 'Laurelin'.
> >>>> <info>  Activation (wlan0) Stage 2 of 5 (Device Configure) complete.
> >>>>
> >>>> But doesn't bring up the interface and it loops on those stages. The key 
> >>>> is correct because if I unset gconf entries and retry to connect all 
> >>>> goes fine, it saves the key to the keyring and then connects.
> >>>> The problem appears the next login, so I have to unset gconf entries and 
> >>>> always recreate the connection...
> >>>>
> >>>> I have that issue on two different fresh Gutsy installation. Do you 
> >>>> think it's a Gutsy related bug, my fault or NM?
> >>> Can you provide the output of an 'iwlist <interface name> scan' for the
> >>> 'Laurelin' access point?
> >> # iwlist wlan0 scan
> >> iwlist wlan0 scan
> >> wlan0     Scan completed :
> >>            Cell 01 - Address: 00:C0:49:D3:F4:0E
> >>                      ESSID:"Laurelin"
> >>                      Protocol:IEEE 802.11bg
> >>                      Mode:Master
> >>                      Channel:11
> >>                      Frequency:2.462 GHz (Channel 11)
> >>                      Encryption key:on
> >>                      Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 6 Mb/s; 9 Mb/s
> >>                                11 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
> >>                                48 Mb/s; 54 Mb/s
> >>                      Quality=84/100  Signal level=-50 dBm  Noise 
> >> level=-50 dBm
> >>                      IE: WPA Version 1
> >>                          Group Cipher : WEP-40
> >>                          Pairwise Ciphers (1) : WEP-40
> >>                          Authentication Suites (1) : 802.1x
> >>                      Extra: Last beacon: 84ms ago
> > 
> > Wow.
> > 
> > I've never seen an AP advertise in the WPA IE before that it only
> > supports WEP + 802.1x.  Usually those APs don't advertise that.  Can you
> > tell me the model and vendor of the AP you're using?
> > 
> > I think technically, it's illegal to advertise WPA capability with only
> > WEP ciphers.  AFAIK WEP is allowed for the Group cipher, but you cannot
> > use WEP as a pairwise cipher with WPA, since WPA requires either TKIP or
> > CCMP or both as pairwise ciphers.  This configuration is essentially
> > "Dynamic WEP".  So it's not surprising that NM will get this config
> > wrong, but it's a bug in NM that should probably get fixed.
> > 
> > All that said though, it would be great if all Dynamic WEP access points
> > advertised like this, because then NM can make a better guess as to what
> > type of authentication the AP supports.  Seems like a case of a vendor
> > not quite understanding how to go about advertising AP capability...
> 
> The AP is a USR 9106. The fact is that it always worked (and works) with 
> NM 0.6.4; also notice I have the same problem on another wireless 
> network with the newer DWL-2200AP. So I think my problem isn't related 
> to the APs...

Does the DWL-2200AP 'iwlist' output look the same?

Dan

Follow-Ups:
- Re: "login" keyring
  - From: Giovanni Lovato

References:
- "login" keyring
  - From: Giovanni Lovato
- Re: "login" keyring
  - From: Darren Albers
- Re: "login" keyring
  - From: Giovanni Lovato
- Re: "login" keyring
  - From: Dan Williams
- Re: "login" keyring
  - From: Giovanni Lovato

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]