On Wed, 2008-07-02 at 14:15 -0430, Patrick O'Callaghan wrote:
> On Wed, 2008-07-02 at 11:09 -0400, Matthew Saltzman wrote:
>
> > Think about how accessing wireless systems works. If you have to
> > authenticate, then you have to be logged in to do it (or you have to
> > preconfigure it). If you are a mobile user, you may have to do it
> > several times--NM makes the process about as convenient as possible.
> > Authentication should be tied to a user: user A should not necessarily
> > be able to authenticate to user B's WAP unless user A also knows the
> > key. (Apropos another thread, that's why the keyring is used to store
> > encrypted keys.)
>
> This actually raises an interesting point. The various discussions of
> wireless authentication I've seen don't clearly distinguish between the
> user and the device in all cases. Sometimes they do (e.g. when using WPA
> in an enterprise mode which requires authenticating the actual user to a
> central server) and other times they don't (such as the very common PSK
> mode where everyone just knows the magic passphrase).
>
> What happens in the following scenario: User A logs in to his laptop and
> authenticates. Without logging out, User B comes along and logs in as
> well (on a different virtual console). Can User B now access the network
> without needing to authenticate again? If so, NM is treating the
> authentication as per-device, if not, then it's per-user. Does it depend
> on the WPA mode? I don't know.
Ooh, good point. The answer is, once the link is up, it's tied to the
device. I think you can even log out of your session and into another
without taking the link down (but I haven't tried that).
I'll leave it to Dan Williams (NM developer) to address possible
alternative architectures.
>
> poc
>
>
--
Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
