Re: networkmanager need old password for keyring

From: Dan Williams <dcbw redhat com>
To: Frederik Nnaji <frederik nnaji gmail com>
Cc: networkmanager-list gnome org
Subject: Re: networkmanager need old password for keyring
Date: Thu, 13 May 2010 23:39:42 -0700

On Thu, 2010-05-13 at 14:23 +0200, Frederik Nnaji wrote:
> On Thu, May 13, 2010 at 11:33, Alex <pppsss7 gmail com> wrote:
>         Can anybody say. On my system linux fedora with xfce, password
>         need to
>         be changed every week, but, when i change my password, NM need
>         old
>         password for unlocking keyring. How to remove this problem ?
> 
> 
> GNOME Keyring and network manager is a problem for me too..
> i don't know if keyring is the problem or network manager..
> 
> SIM cards get locked by NM passing the wrong PIN to them. [1]
> 
> reconstruction:
> 1 - insert a mobile broadband stick
> 2 - set up a mobile broadband connection in wizard, e.g. ISP = "o2
> mobile"
> 3 - now create a mobile broadband connection with our beautiful
> wizard.
> 4 - enter the PIN where appropiate
> 5 - tell the keyring to never ask for PIN again, when it offers you
> that
> 6 - insert a different mobile broadband SIM from same ISP
> 7 - select your previously created connection for this ISP

Hmm, sounds like a bug.  I can try to check and make sure that the PIN
gets updated in the keyring.

> what will happen is:
> NM will try to use the old keyring-memorized PIN for the _old_ SIM to
> unlock the new SIM..
> This is how it will automatically enter the wrong PIN more than twice,
> hereby activating PUK security level blocking of the SIM..
> 
> all this happens without any implementation of "keep the user
> informed" or any options to tell NM that it's about to create a big
> problem..
> 
> the common root of our problems:
> NM binds configured connections to passwords/keys.
> 
> to fix this:
> make NM bind unique devices to real identities, all by unambiguous
> names.
> 
> the same problem matrix appeared recently on what Dan names "Grandmas
> neighbour's wireless network"..
> 
> * identify the password protected object uniquely by an
> "unambiguous_identifier"
> * ask the responsible key holder to supply the key for the
> "unambiguous_identifier"
> 
> in Wireless, Dan fixed this by using the BSSID in a conditional
> manner.
> in Mobile Broadband we might want to identify the SIM card on a
> hardware level.
> it doesn't make sense to believe that same ISP means same PIN code.

Yes, we should tie the PIN to the SIM.  The big problem here is that for
many devices (a lot of them actually) you can't get the IMSI until
*after* you unlock the SIM.  Which means we can't use the IMSI to look
up the PIN for a lot of devices like you really want.

Dan

Follow-Ups:
- Re: networkmanager need old password for keyring
  - From: Frederik Nnaji

References:
- networkmanager need old password for keyring
  - From: Alex
- Re: networkmanager need old password for keyring
  - From: Frederik Nnaji

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]