Re: What is needed for NetworkManager and WPA2 Enterprise?
- From: Paul Menzel <pmenzel molgen mpg de>
- To: Andrew Zaborowski <andrew zaborowski intel com>
- Cc: networkmanager-list gnome org, iwd lists 01 org
- Subject: Re: What is needed for NetworkManager and WPA2 Enterprise?
- Date: Wed, 25 Sep 2019 13:16:13 +0200
Dear Andrew,
On 25.09.19 12:54, Andrew Zaborowski wrote:
On Wed, 25 Sep 2019 at 12:33, Paul Menzel <pmenzel molgen mpg de> wrote:
On 25.09.19 12:27, Andrew Zaborowski wrote:
I replied to that issue but provisioning EAP networks other than
through the config files is not currently on IWD's todo list. You
didn't really explain your use case. The logic is that the user
shouldn't have to touch that configuration, it should be enough for
them or their admin to drop the network's configuration file into
/var/lib/iwd. There is specific code in the NM iwd-backend to make
sure no extra NM-side configuration is required after this is done
correctly.
...
There are self-managed devices. In our case these are scientists using
the Eduroam net. It was possible to configure such a network before
using the GNOME WiFi dialog, and I think it should continue to be supported.
So I know Eduroam admins may not be very cooperative but they still
have to provide users with the certificate file, the private key and
hopefully some instructions on the site's Eduroam configuration (the
EAP methods and other details vary between campuses) so it'd actually
be easier for them to provide the config file directly, and it'd also
be easier for their users. This can also be done by one your users
provided everyone has their certificate and private key already.
I believe there's now also an auto-configuration tool for eduroam
called CAT. Maybe you should also address proposals to that project.
When I was an eduroam user myself I didn't use CAT, I actually used
the GNOME nm-applet's wifi dialog to configure access but it took me
many attempts and was far from the ideal way to do this. I remember
the admins did provide mac-compatible config files and today I'd much
prefer to simply convert that using our script (in
tools/ios_convert.py) than to have to guess individual eap settings.
I don't believe the script has been tested with eduroam yet.
I can agree, but it’s not user friendly at all. So you want to teach the
users again, how to copy a text file to `/var/lib/iwd`? What about if
the user does not want to share that connection system wide? The admin
should not be able to read the password, as it’s often shared.
Configuration files would be useful, but the GUI program should load
them, and use them to configure the system.
I can only urge you to take the view point from a ignorant user. Please
test your suggestions with your parents or even grand parents and see if
it works. I doubt it. Please work together with the GUI folks how to
integrate this properly. Managed devices are not always a reality.
(I second, that a missing common configuration file format for WiFi is a
problem.)
Also it looks like, the password is stored in plain text in the iwd
configuration file (in some examples).
While this is not recommended the password can be stored in the config
file so that you don't have to type it through the secrets dialog
every time, it's your or the admin's choice.
Every time, or would it be stored in some keyring?
Kind regards,
Paul
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]