Dear List, Here is a patch against 0.6.4 to configure the most common phase2 options. Almost all of it was written by Stefan Schmidt <stefan at datenfreihafen.org>, i just fixed some remaining bugs:
http://carrot.hep.upenn.edu/~vbraun/phase2.patch (Actually, it is a patch against what is in the FC6 srpm, which apparently is some cvs version from August and patches. Sorry for that, but I promise to rediff it if requested) Now I know that adding another option to the WPA Enterprise dialog is not going to yield any praises, but on the other hand side it makes it useful for me (Dynamic WEP + phase2 PAP). I know that the whole dialog has to become smarter, but some phase2 options ought to stay. This patch is my main reason for posting this, but while I'm on it here are two more topics: ==== 1) WPA Enterprise passwords not saved to keyring ==== There are two "secrets" in the WPA Enterprise dialog: The password and the passphrase for the private key. Only the latter is stored in the gnome-keyring. Whats really broken is, of course, the dialog: you either have a password or a private key. A dirty hack would be to at least store the password in the gnome-keyring and disable the private key passphrase (who uses that? %-) for now. ==== 2) Ramblings on how the dialog ought to be ==== Finally, some ideas on how the network dialog should be. This is completely fiction and really an invitation for discussion: "Dynamic WEP" under "WPA Enterprise" is confusing. The "Wireless Security" combobox should be like this: None WEP 128-bit Passphrase WEP 64/128-bit Hex WEP 64/128-bit ASCII Dynamic WEP WPA Personal WPA Enterprise WPA2 Personal WPA2 Enterprise The "WPAx Enterprise" should allow for the EAP types that are included in the wifi certification, they are bound to show up in actual installations. So the "EAP Method" combobox should be EAP-TLS EAP-TTLS/MSCHAPv2 PEAPv0/EAP-MSCHAPv2 PEAPv1/EAP-GTC EAP-SIM EAP-LEAP When choosing "EAP-TTLS/MSCHAPv2", for example, then automatically phase2="auth=MSCHAPv2" is passed, and no extra phase2 box is needed. Likewise, only the authentification that makes sense for the given EAP type appears in the dialog. So if one selects "EAP-TLS" the remaining dialog asks for the private certificate, whereas if one selects "EAP-TTLS/MSCHAPv2" then the remaining dialog is anon_identity, identity, password only. The ca_cert and ca2_cert is automatically set to be the usual root certificate (which ought to be already in the distro somewhere, FC6: /etc/pki/tls/cert.pem). Distro packages depend on this file (FC6: depends already on openssl which owns the cert.pem). Thanks for reading my ramblings :-) Volker _______________________________________________ NetworkManager-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/networkmanager-list
