nm 0.7 on ubuntu ibex

[Mike Butash <mike butash net>]

Hi all,

I'd like to start by saying that I just updated my work laptop to ibex
from gutsy, and it's almost amazing how much nm has improved.  For the
first time in using ubuntu for about 4 years, it's actually gotten to
the point it handles all my varied connections of wired/wireless/cdma
and cisco vpn's without some kind of my own bastard scripts and hacks.
I consult with customers using just about any kind of config for vpn and
wireless, and it works pretty darn great so far.  Kudos to the team for
making my life easier!

That being said, the more I tinkered with it, the more I found a few
annoyances I was curious if anyone's fixed or considered dealing with as
a long-term strategy.  I've been following the list for some time, and
haven't seen any direct mention of these, so I figured either I'm weird,
or no one else does what I do (yet), so I figure I'd mention them to see
if I can offer some recommendations to consider for future
improvements.  

1) I noticed with the VPN import functions that they can handle cisco
PCF files, but it doesn't fully import them the nice way kvpnc does.  I
think that it's a conscious choice not to flaunt breaking cisco's weak
*encryption* on their saved strings, but it would be nice if it did none
the less.  Ibex seems to have broken Cisco's own vpn, leaving me
stranded to get this working, so I found a blob of c code to decrypt it
for me, which I could then manually reassemble a profile.  It'd be nice
to see it natively import it, as simply not all the times do customers
have (or sometimes remember) the keys outside of the grandfathered .pcf
file from long ago.

Along with this hack to decrypt the key, I found some shell and perl
code to dump a director of cisco .pcf's to vpnc .conf's, however NM
doesn't seem to make use of these at all.  It would be nice if it could
suck the legacy vpnc directory for import into it's secure store (I
believe gnome-keyring..?).

Otherwise very sweet being able to use NM for vpn purposes to replace
cisco's lack of decent linux support!

2) Gnome keyring doesn't play nice when using fingerprint readers,
namely thinkfinger libs.  Profiles won't automagically connect on boot,
and often I have to use my password instead of a swipe.  Annoying only
due to lack of consistency whereas it normally works without a hitch.
I've read up on the fact that gnome keyring doesn't use pam, and hence
cannot use the thinkfinger authentication methods, but it seems there
should be a more graceful solution.  I'm definitely not the only person
feeling this pain, but thus far I've not found any constructive ways to
lessen/fix the issue.r

Since fingerprint readers are becoming more common, it seems it might be
worth exploring a better way to eliminate the need to always auth
outside of the login session (or consistently use fingerprints for gnome
keyring).  I'm positive that I'm over-simplifying the problem, so feel
free to kick me or ask for more info.  Perhaps I'm barking up the wrong
tree, and should blame the gnome keyring dev's instead, but since you've
chosen to use its use for NM, it stands to reason you might want to look
at cleaning up an ugly loose-end to an otherwise stellar product.  I'd
be happy to provide debugging info to assist if needed.

3) Dialup support is gone now?  Dialup is so 90's now, but unfortunately
bluetooth DUN is still alive and kicking.  However, I couldn't seem to
find a way to use this in NM currently, nor could I find any way to
enable it.  Am I missing something here to enable it, or was it just
simply (finally) removed and to be considered legacy?  Seems there'd
still be a lot of people stuck using traditional dialup to abandon them
entirely...

I've always written my own scripts/confs for wpa_supplicant for
connecting to various wifi profiles as NM has never quite worked
properly for me, but its nice to see it's really almost there a good
solution.  Nice it even worked with my vzw aircard flawlessly!  Thanks
for the hard work in making NM a large part of linux mainstream
adoption!

-mb