Re: What is needed for NetworkManager and WPA2 Enterprise?



On Wed, 25 Sep 2019 at 13:16, Paul Menzel <pmenzel molgen mpg de> wrote:
On 25.09.19 12:54, Andrew Zaborowski wrote:
I believe there's now also an auto-configuration tool for eduroam
called CAT.  Maybe you should also address proposals to that project.
When I was an eduroam user myself I didn't use CAT, I actually used
the GNOME nm-applet's wifi dialog to configure access but it took me
many attempts and was far from the ideal way to do this.  I remember
the admins did provide Mac-compatible config files and today I'd much
prefer to simply convert that using our script (in
tools/ios_convert.py) than to have to guess individual EAP settings.

I don't believe the script has been tested with eduroam yet.

I can agree, but it’s not user-friendly at all. So you want to teach the
users again, how to copy a text file to `/var/lib/iwd`?

Optimally the UI would include a way to do this but we don't have a
specific proposal on how to do this or anyone working on it.  It's a
little complicated because the UI implementations are in separate
projects from NM and they talk to NM using a well established config
format and extending it needs changes in all of the projects and
documentation.  That's one DBus API, then NM talks to iwd using
another DBus API, although we have considered at one point NM
accessing iwd's config directory directly.  The UI processes
themselves shouldn't contain iwd-specific code and also shouldn't
touch system directories.

What about if
the user does not want to share that connection system wide?

Currently iwd has no per-user network configuration and as far as I
know this is only considered for after 1.x releases but
patches/proposals can probably be sent at any time.

The admin
should not be able to read the password, as it’s often shared.

Configuration files would be useful, but the GUI program should load
them, and use them to configure the system.

I can only urge you to take the viewpoint of an ignorant user. Please
test your suggestions with your parents or even grandparents and see if
it works. I doubt it. Please work together with the GUI folks on how to
integrate this properly. Managed devices are not always a reality.

(I second that a missing common configuration file format for WiFi is a
problem.)

Also, it looks like the password is stored in plain text in the iwd
configuration file (in some examples).

While this is not recommended, the password can be stored in the config
file so that you don't have to type it through the secrets dialog
every time, it's your or the admin's choice.

Every time, or would it be stored in some keyring?

There is code in NM to use gnome keyrings but I don't know how it works.

Yes, the passwords may be sensitive but there are also setups where
the private key is not even encrypted or the passwords are well known
so we need to account for that scenario too.  As for the machine's
admin the users are assumed to always trust the admin independent of
how the secrets are stored.

Best regards
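
Added example, not part of the original thread or of iwd or NetworkManager: a small audit that lists which 802.1X profiles in an iwd configuration directory carry an inline password or passphrase, and whether the file is readable beyond its owner. It assumes profiles are INI-style `*.8021x` files with a `[Security]` group and that secret keys end in "Password" or "Passphrase"; the sample profiles, identities and secret are constructed.

```python
import configparser
import stat
import tempfile
from pathlib import Path

# Assumption: inline secrets use key names ending in these suffixes
# (for example EAP-PEAP-Phase2-Password); "-Hash" variants are not matched.
SECRET_SUFFIXES = ("password", "passphrase")

def audit_iwd_profiles(config_dir):
    """Report inline secrets and loose permissions for each *.8021x profile."""
    findings = []
    for path in sorted(Path(config_dir).glob("*.8021x")):
        parser = configparser.ConfigParser(interpolation=None, strict=False)
        parser.optionxform = str  # keep the key names' original case
        entry = {"profile": path.name, "inline_secrets": [], "parse_error": False}
        try:
            parser.read(path)
            if parser.has_section("Security"):
                entry["inline_secrets"] = [
                    key for key in parser["Security"]
                    if key.lower().endswith(SECRET_SUFFIXES)
                ]
        except configparser.Error:
            entry["parse_error"] = True  # report it rather than skip silently
        mode = stat.S_IMODE(path.stat().st_mode)
        entry["group_or_world_access"] = bool(mode & 0o077)
        findings.append(entry)
    return findings

def demo():
    """Run the audit over two constructed profiles in a temporary directory."""
    base = ("[Security]\nEAP-Method=PEAP\nEAP-Identity=anonymous@example.org\n"
            "EAP-PEAP-Phase2-Method=MSCHAPV2\n"
            "EAP-PEAP-Phase2-Identity=user@example.org\n")
    with tempfile.TemporaryDirectory() as tmp:
        stored = Path(tmp, "eduroam.8021x")   # password kept in the file
        stored.write_text(base + "EAP-PEAP-Phase2-Password=constructed-secret\n")
        stored.chmod(0o644)
        prompted = Path(tmp, "lab.8021x")     # no password stored in the file
        prompted.write_text(base)
        prompted.chmod(0o600)
        return audit_iwd_profiles(tmp)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real system the function would be pointed at the iwd configuration directory mentioned in the thread (`/var/lib/iwd`), which normally requires root to read.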

