On Mon, 2006-01-09 at 16:16 +0000, David Woodhouse wrote: > On Wed, 2006-01-04 at 13:25 -0500, Dan Williams wrote: > > Debatable. I may be authorized to connect to certain networks, and > > you're not. So the network & authorization information is specific to > > my user, and shouldn't be available to yours. > > That doesn't really make much sense in the Linux world -- if the network > is configured and running then all users on the machine _have_ got > access to the it. I think there are some iptables hacks around to > attempt to limit network access to certain users, but we don't ship > them, do we? We certainly don't attempt to use them. We do implement that concept (though not that method) if you consider xen, don't we? That may not make sense for WEP right now, but I can certainly see a world where Xen guests know different WEP keys than other guests, and is on a different network, whether that's supported in software only or just hardware. It wouldn't be very hard to add that into the current ieee80211 stack, and I suspect it wouldn't be hard to do in similar software implementations. Obviously, this doesn't have direct immediate repercussions on NM, but it is important to keep in mind that such a scenario is possible, whether or not we intend to support it right now. > For Windows, perhaps it's different -- one really can consider a Windows > box to be a single-user machine, and it might actually make sense to > consider network connections to be a per-user thing. Even VPNs might > make some sense in the Windows world, but this isn't Windows. VPNs make plenty of sense in Linux. Let's not characterize the entire world's usage based on *your* requirements, or those of any single individual. > > This is the same situation as 802.1x certificates for authentication. > > You shouldn't use my certificate to authenticate to the access > > server. Same for WEP keys. > > It isn't 'my' WEP key. It is the system's WEP key. You are trying to > impose a policy which doesn't make any sense in this environment. It doesn't make sense, but why not? I think it's because our code doesn't do it, not because the idea is totally off base. I think a WEP key can conceptually make sense as either per-host or per-user, but our network stack doesn't really support but one of those. > Network data being stored system wide is by far the more common > arrangement *That* I'll agree with. -- Peter -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list