On Mon, 2006-01-09 at 13:27 -0500, Alan Cox wrote: > On Mon, Jan 09, 2006 at 04:16:08PM +0000, David Woodhouse wrote: > > That doesn't really make much sense in the Linux world -- if the network > > is configured and running then all users on the machine _have_ got > > access to the it. I think there are some iptables hacks around to > > The administration may see that differently to the physical topology. We > do actually enforce user level management for some network protocols notably > AX.25 where the authorization to use the radio generally is tied to a user > and multiple users effectively appear as different "addresses" I'm sure we'll bear that in mind when NetworkManager starts to support AX.25. > There are cases of systems where it is meaningful to deal with authentication > and control of interfaces at a user level. Different users having different > WEP keys is one possible case but more common are things like end users > bluetooth connections not being made available to remote users sharing the > system. > > > WEP keys set up a system-wide resource which _any_ user of the system > > can then utilise. Networks _aren't_ a per-user resource in practice, and > > See example above. They can be. It isnt perhaps the most common situation > but it is a very real one and I've dealt with people who actively wanted to > route some users via different networks or deny them some access and for good > reasons. I agree that it's possible, although relatively rare and fairly naïve in the case of IP networks, for network connections to be considered 'per-user', and hence for WEP keys or WPA certificates to be considered such too. I have no objection to NetworkManager attempting to accommodate this strange view of the world in _addition_ to the normal setup. What I object to is the fact that it no longer supports the _normal_ form of operation, where the network is a system-wide resource, set up automatically at boot time. I have to actually log in and enter a password now in order for my machine to connect to the network, and that's a serious regression. -- dwmw2 -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list