kelsey hudson wrote:
DJA wrote:
kelsey hudson wrote:
As far as the other requirement goes, if you want to keep the garden variety freeloading idiot out, WEP is sufficient. WPA is a hack and a kludge and generally a pain all around.

Please elaborate on why you think WPA is bad. I have been using WPA2 on my access point with no problems. In fact, with NetworkManager, KNetworkManager, and WPA_supplicant included in the standard FC6 installation, it all just worked out-of-the-box for me with no fiddling, other than to install the IPW2200 firmware.

Mainly it's just that not all the chipsets out there support frame capture (required for WPA), the driver support for the wext WPA backend is spotty and broken for several drivers (ipw is an exception -- its wext support is perfect).

True. Unfortunately, this is, for the most part, caused by closed source drivers forcing Linux coders to use reverse engineering and black magick to get even as much functionality as we have. (Intel takes a slightly different approach: the wireless driver is open source, but requires a closed source firmware plugin for it. Intel also provides almost daily support to the developers, so I luck out).


It's not something that can easily be addressed with the stock ifconfig/iwconfig utilities. If you have an access point which requires strong authentication it requires you to keep that password in cleartext, in a text file.

I use Kwallet for that. It seems to just work. I think there is something for Gnome as well. There is also a PAM keyring mechanism.


wpa_supplicant/xsupplicant thus far have no method to prompt the user for a password.

For non-command line use, that's been taken care of by NetworkManager and its applets.


On top of that, there are *SO MANY DIFFERENT FLAVORS* and configurations of WPA that it's a colossal pain sometimes to decipher how everything should be set up.

There are many options, yes. But that seems to be because of an ongoing desire by the user community for both stronger and more flexible wireless security.

There are also a lot of opinions in the Linux wireless space (from both users and developers) as to how wireless access and security should work. The Big Wish is that wireless networking worked just as transparently and robustly as wired networking - ignoring all the additional problems associated with those annoying laws of physics.

However, some of the blame can be placed on AP/wireless router makers. Some don't follow or properly implement the specs, or they invent their own versions (Cisco).


For instance, here at work we have to enter SSO credentials to log on to the wireless network. There are at least 20 different ways of setting it up, and I tried all 20 of them before I finally found one that works.

If you want to get fancy and keep all idiots out, even the more clever ones, you can directly connect your open, unencrypted WAP to a box (isolated network and addressing scheme); this box will run a VPN concentrator software and your clients will be forced to use IPSEC to connect to it. They will also not be allowed to connect to anything else.

NetworkManager is now starting to support VPN clients, although I haven't tried that yet.

I haven't yet tried NetworkManager. I hear good things about it, but last I looked into it, it had some problems, especially when roaming between different wired networks and wireless networks. But, I'll probably look into it again, especially if it doesn't require any gnome/kde desktop integration. I still can't stand those.

-Kelsey

There is a misconception that NetworkManager should take care of everything for the user. I guess that is really a compliment because NetworkManager is so far so good that people expect it to also account for broken drivers, mis-configured APs, FUBAR installations, and of course ignorant users. I've noticed that the better NetworkManager gets, the more discontented many of its users get.

--
   Best Regards,
      ~DJA.


--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
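
On the point raised in the thread about a WPA password sitting in cleartext in a text file: the example below is added here and is not code from either poster or from wpa_supplicant. For WPA/WPA2-Personal it derives the 256-bit PSK that wpa_supplicant accepts in place of the passphrase and writes the config with owner-only permissions. The function names and the sample SSID and passphrase are constructed for illustration; the derived key still grants access to that one network, so the file mode matters as much as the derivation.

```python
import hashlib
import os
import stat

def derive_psk(ssid: str, passphrase: str) -> str:
    """WPA/WPA2-Personal PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32).hex()

def network_block(ssid: str, passphrase: str) -> str:
    """Render a wpa_supplicant network block that stores the derived key, not the passphrase."""
    # An unquoted hex ssid= avoids quoting problems with unusual SSID characters.
    ssid_field = f'"{ssid}"' if ssid.isalnum() and ssid.isascii() else ssid.encode().hex()
    return (f"network={{\n\tssid={ssid_field}\n\tkey_mgmt=WPA-PSK\n"
            f"\tpsk={derive_psk(ssid, passphrase)}\n}}\n")

def write_private(path: str, text: str) -> None:
    """Create the file readable and writable by its owner only, regardless of umask."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.fchmod(fd, 0o600)  # also tightens a pre-existing, looser file
        os.write(fd, text.encode())
    finally:
        os.close(fd)

def is_private(path: str) -> bool:
    """True when neither group nor other has any access to the file."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    print(network_block("ExampleNet", "correct horse battery"))
```

Because the SSID is the salt, the same passphrase yields a different key on each network, so a leaked config file does not reveal a passphrase reused elsewhere.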
