Re: DBUS specifications for NetworkManager 0.9



Thanks Dan;

This cleared some of my concepts; I always had a section in my
router-configuration web page, regarding the MAC addresses. I now
understand (courtesy you) that the basic authentication occurs at the
device level; user-authentication is the (second) authentication over
the second layer.

Also, I believe that this user-level-authentication is a part of
WPA/WPA2-standard; I expect that this would become too for WiMax as
well...
But anyways, I need to shut up, and try connecting to a WiMax device
ASAP :) :) :)


Thanks and Regards,
Ajay

On Fri, Mar 16, 2012 at 2:37 AM, Dan Williams <dcbw redhat com> wrote:
> On Tue, 2012-03-13 at 01:28 +0530, Ajay Garg wrote:
>> Thanks Dan.
>>
>> That was really useful information.
>>
>> So, this seems somewhat like a WPA/WPA2-Enterprise WIFI network situation.
>
> Yes, except that the EAP authentication is not typically under control
> of the user.  The EAP bits authenticate the *device*, not the user, and
> user authentication is typically provided by a captive portal web login
> scheme after the device has connected to the NAP.  So the user has
> nothing to configure except to enter in their username and password to
> the captive portal if the provider doesn't already recognize the MAC of
> the WiMAX device.
>
>> However, I still wonder (no offense to you please ...), as to there
>> _must_ be some authentication somewhere; for as it currently stands
>> that NSP is publically available (much like SSID of a typical WIFI
>> network); but unlike WPA/WPA-Enterprise, there is no authentication at
>> user-level, thereby meaning that the network is open to be connected
>> by anyone (unless of course that is what WiMax aims to achieve ;-) )
>
> AFAIUI the EAP authentication (at least for the Intel devices) is done
> using a certificate stored in the device's NVRAM that is not user
> accessible.  It's just part of the automatic connection process and the
> user doesn't know anything about it unless it fails for some reason.
>
> Commonly, user-level authentication is handled after the device has
> already made a connection to the base station and received an IP
> address.  So yes, that typically means anyone with a WiMAX device can
> connect to the base station and will land in the captive portal.  At
> least with CLEAR in the US, on the backend you land on a VLAN where your
> authentication is handled via a web UI in which you enter your
> subscription name and password, and after successful authentication the
> backend switches you to the authenticated VLAN.  This is almost exactly
> the process that most WiFi captive portals use too, from the user's
> perspective.
>
> Dan
>
>> Thanks a ton to you all (Thomas, David, Dan) !!!
>>
>> Regards,
>> Ajay
>>
>> On Tue, Mar 13, 2012 at 12:24 AM, Dan Williams <dcbw redhat com> wrote:
>> > On Mon, 2012-03-12 at 17:20 +0530, Ajay Garg wrote:
>> >> Ahh.. Thanks; and sorry, I missed that table earlier.
>> >>
>> >> Regarding the security protocols for Wimax, I'll read on..
>> >
>> > There's nothing to specify for WiMAX since that's all handled on a lower
>> > level, at least with all the hardware that's out there right now and
>> > compatible with Linux.  The current NM code only supports the Intel
>> > "wimaxd" software and Intel i2400m WiMAX hardware since that's the only
>> > WiMAX stack that's freely available on Linux.
>> >
>> > The only relevant settings for WiMAX are currently the  MAC address, to
>> > lock to a specific WiMAX device, and the NSP name.  The wimaxd daemon
>> > itself handles any security that might be required based on it's
>> > configuration file and stored list of NSP configurations.  I think it
>> > supports EAP-TLS and EAP-TTLS which are (I believe) the de-facto
>> > standard auth protocols for most mobile wimax networks.
>> >
>> > Dan
>> >
>> >> Thanks and Regards,
>> >> Ajay
>> >>
>> >> On Mon, Mar 12, 2012 at 5:05 PM, David Röthlisberger <david rothlis net> wrote:
>> >> > On 12 Mar 2012, at 11:06, Ajay Garg wrote:
>> >> >> Thanks David for the reply.
>> >> >>
>> >> >> What I meant something was to "add a wimax connection" (something
>> >> >> along the lines of
>> >> >> http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/examples/python/add-system-wifi-connection.py).
>> >> >>
>> >> >> Unless of course, Wimax is a sub-type of Wifi; i.e. Wimax has same
>> >> >> settings (security types for example) as for Wifi.
>> >> >>
>> >> >> Kindly enlighten :)
>> >> >
>> >> > Your original question that I was attempting to answer:
>> >> >
>> >> >> what about the specs page for 0.9 (on similar lines as http://projects.gnome.org/NetworkManager/developers/api/08/settings-spec-08.html), especially for WiMax related settings?
>> >> >
>> >> >
>> >> > The exact same page you linked, but for 0.9 instead of 0.8, is:
>> >> > http://projects.gnome.org/NetworkManager/developers/api/09/ref-settings.html
>> >> > Table 13 show the wimax settings.
>> >> >
>> >> > Beyond that I am afraid I am not able to help. I don't actually know anything about NetworkManager and WiMax -- I just thought that link might help you. :-)
>> >> >
>> >> _______________________________________________
>> >> networkmanager-list mailing list
>> >> networkmanager-list gnome org
>> >> http://mail.gnome.org/mailman/listinfo/networkmanager-list
>> >
>> >
>
>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]