On Wed, 2006-01-04 at 13:25 -0500, Dan Williams wrote: > Debatable. I may be authorized to connect to certain networks, and > you're not. So the network & authorization information is specific to > my user, and shouldn't be available to yours. That doesn't really make much sense in the Linux world -- if the network is configured and running then all users on the machine _have_ got access to the it. I think there are some iptables hacks around to attempt to limit network access to certain users, but we don't ship them, do we? We certainly don't attempt to use them. For Windows, perhaps it's different -- one really can consider a Windows box to be a single-user machine, and it might actually make sense to consider network connections to be a per-user thing. Even VPNs might make some sense in the Windows world, but this isn't Windows. > This is the same situation as 802.1x certificates for authentication. > You shouldn't use my certificate to authenticate to the access > server. Same for WEP keys. It isn't 'my' WEP key. It is the system's WEP key. You are trying to impose a policy which doesn't make any sense in this environment. > Of course, this is all premised on console-user privileges. In an > actively multi-user machine, there do need to be system-wide settings > for networking. But nobody has come up with an acceptable method for > system-wide settings, besides using GConf's default/mandatory > settings. > But by default, I argue that such security and authentication > information is first per-user, second system-wide, and only in that > order. Just like login passwords. Not at all like login passwords. Login passwords get you a _session_ from which you can access an individual resources's files, and you can access certain other shared resources which are available to you. WEP keys set up a system-wide resource which _any_ user of the system can then utilise. Networks _aren't_ a per-user resource in practice, and I'd be surprised if it were particularly common for users to want WEP keys to be per-user. Certificates might well be a different matter, but in practice I doubt there are many users who really care about those being per-user instead of system-wide either. Network data being stored system wide is by far the more common arrangement, and as far as I can tell, NetworkManager doesn't seem to allow that -- I ought to at least have the _option_ of doing so, surely? Or is this yet another case where GNOME knows better than its idiot users? I'd like to reboot my laptop onto a new kernel, but if I do so at the moment while I'm 20 miles from it, I know it wouldn't manage to reconnect to the network.... -- dwmw2 -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list