Re: PEAP with GTC in NetworkManager-0.7.0-0.12.svn4326.fc10.x86_64

["David Orman" <ormandj corenode com>]

Hi Dan,

Here's some more information about PEAP-GTC.

First, a little snippit from the freeradius project: http://wiki.freeradius.org/EAP#PEAPv1.2FEAP-GTC
It references the RFC in which PEAP-GTC is defined as an inner authentication protocol: http://www.ietf.org/rfc/rfc3748.txt
In the RFC, the relevant section is 5.6

In our environment, we utilize RSA tokens with a randomly generated keys, so I think it is likely the method you are thinking of. You're correct in your analysis, it would certainly be an always prompt/never save bit in the application. Running a search to gather more information to help out, all I ran into were posts about people who had upgraded various distributions and gotten NM 0.7.x (that had been running 0.6.x with working PEAP-GTC support), so it does seem to be utilized somewhat frequently. wpa_supplicant appears to still work correctly with PEAP-GTC for most people, as does NM 0.6.x, so most people who are in the same boat as I am have been downgrading to the older version of NM or just using wpa_supplicant directly.

I'm happy to assist however I can in this, but I will likely be limited to providing myself as a lab rat for testing changes. Anybody is more than welcome to take me up on that offer. :) Let me know if there is any other information I can gather that would help out, and thank you for looking into this!

Cheers,
David

On Fri, Dec 19, 2008 at 10:15 AM, Dan Williams <dcbw redhat com> wrote:

On Thu, 2008-12-18 at 23:17 -0600, David Orman wrote:
> Filed a bug in Gnome's bugtracker in case anybody else runs across
> this thread with the same issue:
> http://bugzilla.gnome.org/show_bug.cgi?id=565065

The GTC is the dongle thing that gives you a one-time-pad, correct?  In
this case, we do need to add a bunch of support for GTC to
NetworkManager.  It would mean not entering the PIN in the connection
editor or anywhere, but having the applet ask for the PIN *ever* time
the connection or reconnection attempt was made.  It wouldn't be hard to
actually support, but would take some code.  It's on the table, I've
seen another request for it recently, just needs the work done.  If
anyone's up for doing the patch, I can outline what needs to get
changed.

Dan

> Thanks,
> David
>
> On Thu, Dec 18, 2008 at 4:09 AM, David Orman <ormandj corenode com>
> wrote:
>         Hi,
>
>         I am trying to use Fedora 10/Intel 5300 on a Cisco based
>         wireless network, which uses GTC for the inner authentication.
>         I see this option no longer exists in the version of NM that I
>         have: NetworkManager-0.7.0-0.12.svn4326.fc10.x86_64.
>
>         Out of curiosity, I used GIT to get the latest source, and see
>         the following in libnm-util/nm-setting-8021x.c:
>
>          950         { "gtc", NULL, NULL },  // FIXME: implement
>
>         So, it appears GTC is not implemented in NM, even though
>         wpa_supplicant supports it. Are there any patches available
>         that allow this to work? This seems to be a regression from
>         version 0.6.x (I don't know the exact version I was using
>         before).
>
>         I've seen various bugs filed at the distribution level
>         regarding this, but I didn't see one with this specific
>         problem in the Gnome bugtracker. However, seeing the comment
>         in the source, it seems to be a known-issue. Is this actually
>         the case, and will this actually be implimented? Do I need to
>         actually file a bug? Are there any known workarounds?
>
>         Respectfully,
>         David
>

> _______________________________________________
> NetworkManager-list mailing list
> NetworkManager-list gnome org
> http://mail.gnome.org/mailman/listinfo/networkmanager-list