Re: Setting up 802.1x environment



On Thu, 2006-08-17 at 14:31 +0200, me blaue0 net wrote:
> Hello,
> 
> I'd like to implement the 802.1x authentication for wired networks in  
> NetworkManager. One of many problems I have is that I currently only  
> have access to an 802.1x environment on Tuesday and Wednesday and I  
> don't want to wait each week to test my changes.
> 
> Is it somehow possible to implement such an environment in software?  
> The only thing I would need at first is a working authentication, the  
> other things should be pretty easy to do.

Great!

This is closely related to static IP addressing in that wired networks
can have persistent settings too, but we certainly cannot choose which
one to use automatically [1].  We want to make sure we do a more general
(not 802.1x specific) config system for this stuff so that we don't have
to rewrite it later.

A few questions first:

a) can you use the same 802.1x setting on the wired network as a
wireless network?
b) Is the advanced stuff like phase2 auth and MSCHAP/PAP/etc also for
wired networks?

Some of the backend NM code will block on a dbus-enabled wpa_supplicant
(which is in progress and progressing nicely), which enables a much
cleaner interface in NM than the socket-based interface that we now use.

But the frontend code needs work too; we need an applet to configure
both wireless and wired 802.1x settings, possibly static IP addresses as
well for wired & wireless interfaces.  This does take some functionality
over from distribution tools like system-config-network and YaST.
However, if we do it right, those tools can interoperate just as well.

Some concrete work items here are:

a) Develop an NMAPSecurity subclass for wired authentication.  Figure
out what wpa_supplicant options are needed for wired networks.
b) Add the dbus helper functions to libnm-util to marshal that object
through dbus
c) Define a GConf key structure for storing the security information.
This should probably be under /system/networking/ethernet or something
like that
d) Write the bits in the applet that convert the GConf keys into the
NMAPSecurity object
e) Have the applet recognize configs for wired devices and augment the
applet's menu item for the interface with the config's name in a submenu
(and Default for standard DHCP)

Dan

[1] No, we're not going to do ARP tricks with a known IP address and MAC
address.  That only works 10% of the time and pisses a lot of people
off.



