Re: DBUS specifications for NetworkManager 0.9

From: Dan Williams <dcbw redhat com>
To: Ajay Garg <ajaygargnsit gmail com>
Cc: networkmanager-list <networkmanager-list gnome org>
Subject: Re: DBUS specifications for NetworkManager 0.9
Date: Thu, 15 Mar 2012 16:07:04 -0500

On Tue, 2012-03-13 at 01:28 +0530, Ajay Garg wrote:
> Thanks Dan.
> 
> That was really useful information.
> 
> So, this seems somewhat like a WPA/WPA2-Enterprise WIFI network situation.

Yes, except that the EAP authentication is not typically under control
of the user.  The EAP bits authenticate the *device*, not the user, and
user authentication is typically provided by a captive portal web login
scheme after the device has connected to the NAP.  So the user has
nothing to configure except to enter in their username and password to
the captive portal if the provider doesn't already recognize the MAC of
the WiMAX device.

> However, I still wonder (no offense to you please ...), as to there
> _must_ be some authentication somewhere; for as it currently stands
> that NSP is publically available (much like SSID of a typical WIFI
> network); but unlike WPA/WPA-Enterprise, there is no authentication at
> user-level, thereby meaning that the network is open to be connected
> by anyone (unless of course that is what WiMax aims to achieve ;-) )

AFAIUI the EAP authentication (at least for the Intel devices) is done
using a certificate stored in the device's NVRAM that is not user
accessible.  It's just part of the automatic connection process and the
user doesn't know anything about it unless it fails for some reason.

Commonly, user-level authentication is handled after the device has
already made a connection to the base station and received an IP
address.  So yes, that typically means anyone with a WiMAX device can
connect to the base station and will land in the captive portal.  At
least with CLEAR in the US, on the backend you land on a VLAN where your
authentication is handled via a web UI in which you enter your
subscription name and password, and after successful authentication the
backend switches you to the authenticated VLAN.  This is almost exactly
the process that most WiFi captive portals use too, from the user's
perspective.

Dan

> Thanks a ton to you all (Thomas, David, Dan) !!!
> 
> Regards,
> Ajay
> 
> On Tue, Mar 13, 2012 at 12:24 AM, Dan Williams <dcbw redhat com> wrote:
> > On Mon, 2012-03-12 at 17:20 +0530, Ajay Garg wrote:
> >> Ahh.. Thanks; and sorry, I missed that table earlier.
> >>
> >> Regarding the security protocols for Wimax, I'll read on..
> >
> > There's nothing to specify for WiMAX since that's all handled on a lower
> > level, at least with all the hardware that's out there right now and
> > compatible with Linux.  The current NM code only supports the Intel
> > "wimaxd" software and Intel i2400m WiMAX hardware since that's the only
> > WiMAX stack that's freely available on Linux.
> >
> > The only relevant settings for WiMAX are currently the  MAC address, to
> > lock to a specific WiMAX device, and the NSP name.  The wimaxd daemon
> > itself handles any security that might be required based on it's
> > configuration file and stored list of NSP configurations.  I think it
> > supports EAP-TLS and EAP-TTLS which are (I believe) the de-facto
> > standard auth protocols for most mobile wimax networks.
> >
> > Dan
> >
> >> Thanks and Regards,
> >> Ajay
> >>
> >> On Mon, Mar 12, 2012 at 5:05 PM, David Röthlisberger <david rothlis net> wrote:
> >> > On 12 Mar 2012, at 11:06, Ajay Garg wrote:
> >> >> Thanks David for the reply.
> >> >>
> >> >> What I meant something was to "add a wimax connection" (something
> >> >> along the lines of
> >> >> http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/examples/python/add-system-wifi-connection.py).
> >> >>
> >> >> Unless of course, Wimax is a sub-type of Wifi; i.e. Wimax has same
> >> >> settings (security types for example) as for Wifi.
> >> >>
> >> >> Kindly enlighten :)
> >> >
> >> > Your original question that I was attempting to answer:
> >> >
> >> >> what about the specs page for 0.9 (on similar lines as http://projects.gnome.org/NetworkManager/developers/api/08/settings-spec-08.html), especially for WiMax related settings?
> >> >
> >> >
> >> > The exact same page you linked, but for 0.9 instead of 0.8, is:
> >> > http://projects.gnome.org/NetworkManager/developers/api/09/ref-settings.html
> >> > Table 13 show the wimax settings.
> >> >
> >> > Beyond that I am afraid I am not able to help. I don't actually know anything about NetworkManager and WiMax -- I just thought that link might help you. :-)
> >> >
> >> _______________________________________________
> >> networkmanager-list mailing list
> >> networkmanager-list gnome org
> >> http://mail.gnome.org/mailman/listinfo/networkmanager-list
> >
> >

Follow-Ups:
- Re: DBUS specifications for NetworkManager 0.9
  - From: Ajay Garg

References:
- DBUS specifications for NetworkManager 0.9
  - From: Ajay Garg
- Re: DBUS specifications for NetworkManager 0.9
  - From: Thomas Bechtold
- Re: DBUS specifications for NetworkManager 0.9
  - From: Ajay Garg
- Re: DBUS specifications for NetworkManager 0.9
  - From: Ajay Garg
- Re: DBUS specifications for NetworkManager 0.9
  - From: =?iso-8859-1?Q?David_R=F6thlisberger?=
- Re: DBUS specifications for NetworkManager 0.9
  - From: Ajay Garg
- Re: DBUS specifications for NetworkManager 0.9
  - From: =?iso-8859-1?Q?David_R=F6thlisberger?=
- Re: DBUS specifications for NetworkManager 0.9
  - From: Ajay Garg
- Re: DBUS specifications for NetworkManager 0.9
  - From: Dan Williams
- Re: DBUS specifications for NetworkManager 0.9
  - From: Ajay Garg

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]