Re: How to restrict allowed APs?



On Mon, 2009-02-02 at 12:38 +0100, David Erosa wrote:
> Hello.
> 
> I'm working on a project that provides access to IT resources to all the
> schools in the region of Andalucia in Spain. One of the requirements is that
> PCs can only connect to the school AP, and only in exceptional cases be allowed
> to connect to any. So we need to filter the APs that the user can see.
> 
> We are currently using a modified version of NM (0.6.4) that locks the AP to
> which a computer can connect, but we would like to make it more clear, as
> we are modifying the nm-applet code so that it doesn't show the not-allowed APs.
> 
> I thought there would be a NM-dbus function to delete an AP from the list of
> detected APs, but I found none. If there were, I could make a program that
> listens to dbus signals and delete the APs we don't want the user to connect to.
> 
> I know the normal procedure would be to use a "fixed" connection, but we
> are still required to let the user choose between the ethernet and the wifi
> connection...
> 
> What do you think could be the best solution for this case? Would it be
> worth (read: useful for others) to implement a dbus function for this?

The plan for this is to use PolicyKit to selectively restrict what users
can and cannot do, if the system administrator desires it.  Thus, there
would be PolicyKit capabilities for connecting to wired, wireless,
gsm/cdma, etc, which could be denied to certain users if desired.
Second, additional PolicyKit rules would allow/deny user-created
networks.

Thus, you would set up a few system connections for the devices you wish
to allow the user to connect to, and the user would be limited to using
only those connections.  Other connections would not be available in the
menu.

This isn't a ton of work, it's basically defining the policy and
implementing the PolicyKit bits in the applet and in NetworkManager.  We
already have PolicyKit code for some actions in NetworkManager and the
connection editor.

Dan


