Re: vpnc System-wide settings

From: Dan Williams <dcbw redhat com>
To: Laurent Goujon <laurent goujon online fr>
Cc: networkmanager-list gnome org
Subject: Re: vpnc System-wide settings
Date: Mon, 13 Jul 2009 14:17:22 -0400

On Mon, 2009-07-13 at 11:27 +0200, Laurent Goujon wrote:
> Ok, I think I have the overall idea... the nm applet wraps user connections in order to intercept activation and provides username and password. I'm tempted to do something similar to system connections. Good idea?

So system settings are interesting WRT VPNs.  The point of system
settings is to be available *before* login and across
fast-user-switches.  As such, they aren't a great fit for user-specific
VPNs.  They would be for say certificate-based OpenVPN connections or
point-to-point VPNs between two servers, say.

It seems like what you really want to do is to add some GConf
"mandatory" settings that contain the connection details.  I can't think
of anything that would be user-specific, so you'd add them once in your
initial login sequence for the user.

These wouldn't be able to be changed by the user (since they are
mandatory, only root can change them), but the user would still be asked
for the password when they logged in.  Since you're using tokens, you'll
want to set the "Always Ask" option for the user password.

Dan

> Laurent
> ----- Mail Original -----
> De: "Laurent Goujon" <laurent goujon online fr>
> À: networkmanager-list gnome org
> Envoyé: Vendredi 10 Juillet 2009 18:03:03 GMT +01:00 Amsterdam / Berlin / Berne / Rome / Stockholm / Vienne
> Objet: vpnc System-wide settings
> 
> Hi,
> 
> I'm trying to put in place system-wide settings for vpn(c). The idea is that an user has nothing to configure, he just has to check under VPN connections and click on one of the available connections. The user should just be prompted for (possibly) his username and his password.
> 
> So far, I managed to create configuration files and by placing them under /etc/NetworkManager/system-connections/ to make them appear. Unfortunately I'm unable to make them work. If I don't put Xauth username = <username> into the config file, NetworkManager/vpnc manager complains that this config setting is lacking (and after some debugging it appears that default username is simply NULL), and if I force this settings, it is Xauth password which is missing (although I set into the configfile that it should be asked to the user). That become problematic since I use rsa tokens (so password is different each time).
> 
> I suspect that since these are system-wide connections, they shouldn't depend of user informations, am i right? Any way to extend system configuration to support user interaction? Or a way to quickly import vpn configuration into user profile? 
> 
> Thanks in advance,
> 
> Laurent Goujon
> 
> System config:
> NetworkManager 0.7.0.99 on RHEL5
> _______________________________________________
> NetworkManager-list mailing list
> NetworkManager-list gnome org
> http://mail.gnome.org/mailman/listinfo/networkmanager-list
> _______________________________________________
> NetworkManager-list mailing list
> NetworkManager-list gnome org
> http://mail.gnome.org/mailman/listinfo/networkmanager-list

References:
- Re: vpnc System-wide settings
  - From: Laurent Goujon

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]