Re: Fedora Core 4 Test Update: NetworkManager-0.5.1-1.FC4.1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2006-01-09 at 13:27 -0500, Alan Cox wrote:
> On Mon, Jan 09, 2006 at 04:16:08PM +0000, David Woodhouse wrote:
> > That doesn't really make much sense in the Linux world -- if the network
> > is configured and running then all users on the machine _have_ got
> > access to the it. I think there are some iptables hacks around to
> 
> The administration may see that differently to the physical topology. We
> do actually enforce user level management for some network protocols notably
> AX.25 where the authorization to use the radio generally is tied to a user
> and multiple users effectively appear as different "addresses"

I'm sure we'll bear that in mind when NetworkManager starts to support
AX.25.

> There are cases of systems where it is meaningful to deal with authentication
> and control of interfaces at a user level. Different users having different
> WEP keys is one possible case but more common are things like end users
> bluetooth connections not being made available to remote users sharing the
> system.
> 
> > WEP keys set up a system-wide resource which _any_ user of the system
> > can then utilise. Networks _aren't_ a per-user resource in practice, and
> 
> See example above. They can be. It isnt perhaps the most common situation
> but it is a very real one and I've dealt with people who actively wanted to
> route some users via different networks or deny them some access and for good
> reasons.

I agree that it's possible, although relatively rare and fairly naïve in
the case of IP networks, for network connections to be considered
'per-user', and hence for WEP keys or WPA certificates to be considered
such too. I have no objection to NetworkManager attempting to
accommodate this strange view of the world in _addition_ to the normal
setup.

What I object to is the fact that it no longer supports the _normal_
form of operation, where the network is a system-wide resource, set up
automatically at boot time. I have to actually log in and enter a
password now in order for my machine to connect to the network, and
that's a serious regression.

-- 
dwmw2

-- 
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: 
https://www.redhat.com/mailman/listinfo/fedora-test-list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]