Re: Wired 802.1x Machine/User Authentication





Dan,

First of all, thanks for taking the time to read and respond to my
question.  It was a tad long, but I wanted to convey my intentions
completely.


On Sun, Jul 27, 2008 at 11:58 AM, Dan Williams wrote:
>
> This isn't currently possible with the NM 0.6.x branch, but 0.7 should
> have the required infrastructure (system and user connections).  The
> logic to do this would likely be in the user applet, since the user
> applet is launched on login.  Basically, the machine would have a
> system-level connection that would start when NM starts as a daemon at
> system startup time, and then at login time there would be a user
> connection stored in the user's session (GConf for GNOME, kconfig I think
> for KDE) which could be activated after login when the applet starts
> that contains the required user-specific credentials.

I figured as much, but you've given me a glimmer of hope with 0.7.
You've also interpreted my goal perfectly.

>
> The missing bit is to have the applet somehow figure out that the
> existing system connection is not good enough, and to try to activate a
> specific user connection even though the system already has an active
> connection.  But that's not too hard.  You could come up with a
> proof-of-concept patch fairly easily, I think.  The applet, on startup,
> would decide that some connection from its local store was more
> important than the current system connection, and just tell NM to
> activate that one instead.
>

Full automation of the transition process between machine and user
authentication would definitely complete the solution.  If the
framework is already there for allowing such separation of profiles, I
believe it would just be a matter of defining network profile
"preference", or an order of precedence.  Just as one typically thinks
of when roaming between different wireless SSIDs, you would be able
to specify which network is preferred over another if they're both
available.  The same could be done with the wired profiles, or simply
have all network types tied together.

I can see this being useful when you have a wired connection plugged
in, but want NM to prefer and default to your wireless profile.

As for submitting a patch, unfortunately I have only a limited
programming skill set... but wanted to throw the idea out there for
someone with faster capabilities to do so than I.  I really need and
want to address this.  :-)


--

Gilbert Mendoza
PGP: 0x075DBCA9
Email: gmendoza at gmail.com
http://www.savvyadmin.com
https://launchpad.net/~gmendoza
https://wiki.ubuntu.com/GilbertMendoza


