On Mon, 2005-07-25 at 20:27 -0400, Derek Atkins wrote:
> Colin Walters <[EMAIL PROTECTED]> writes:
>
> > Seriously, what's the difference to the end user?
>
> Having to type their password first?
> Having to restart gaim or psi or other apps because there's a
> race condition between login and network startup?

These are apps that could use NM, but don't. Admittedly it's tough to expect the world to start using NetworkManager right away, but hopefully more and more will soon. But I believe the intention is that these apps get patched or fixed to not act this way in the future.

As far as the password prompt is concerned, most people won't notice that missing or not. It's really a mystery to most people why and when the computer asks for passwords, thus why Trojan horses and other password stealers have been successful. While the people that do understand authentication usually can spot these.

> > As far as technical implementation I don't see using cached credentials
> > to be less "straightforward" than trying to do network configuration
> > before login.
>
> Caching credentials is a HARD problem. How is PAM supposed to
> know my kerberos password, unless it stores it somewhere? I don't
> want PAM to store my _kerberos_ password.
>
> Meanwhile, storing network passwords in a place that only root/NM
> can get to it? Not so big a deal in my mind. These passwords
> don't authenticate me, per se. They just let me on the network.
> I still need to use Kerberos, SSH, etc. in order to _do_ anything
> on the network.

So this is kind of a rat hole of a discussion to get into, but... :-)

John Dennis wrote up this bit on ccreds [1] and as he says, "This provides a good trade off between security and practical real world access for mobile users."

So this ccreds system provides the kind of user experience we're looking for. And I always say that if a better technical implementation can pass the Turing test on our current user experience then I don't care what changed. The important part to me is the experience, if there's a more secure way of doing things without crapping all over the fable people I try to defend all day, so be it.

:-)

Cheers,
~ Bryan

[1] http://www.redhat.com/archives/fedora-devel-list/2004-September/msg01038.html