On Wed, 25 Sep 2019 at 13:16, Paul Menzel <pmen...@molgen.mpg.de> wrote: > On 25.09.19 12:54, Andrew Zaborowski wrote: > > I believe there's now also an auto-configuration tool for eduroam > > called CAT. Maybe you should also address proposals to that project. > > When I was an eduroam user myself I didn't use CAT, I actually used > > the GNOME nm-applet's wifi dialog to configure access but it took me > > many attempts and was far from the ideal way to do this. I remember > > the admins did provide mac-compatible config files and today I'd much > > prefer to simply convert that using our script (in > > tools/ios_convert.py) than to have to guess individual eap settings. > > > > I don't believe the script has been tested with eduroam yet. > > I can agree, but it’s not user friendly at all. So you want to teach the > users again, how to copy a text file to `/var/lib/iwd`?
Optimally the UI would include a way to do this but we don't have a specific proposal on how to do this or anyone working on it. It's a little complicated because the UI implementations are in separate projects from NM and they talk to NM using a well established config format and extending it needs changes in all of the projects and documentation. That's one DBus API, then NM talks to iwd using another DBus API, although we have considered at one point NM accessing iwd's config directory directly. The UI processes themselves shouldn't contain iwd-specific code and also shouldn't touch system directories. > What about if > the user does not want to share that connection system wide? Currently iwd has no per-user network configuration and as far as I know this is only considered for after 1.x releases but patches/proposals can be probably be sent at any time. > The admin > should not be able to read the password, as it’s often shared. > > Configuration files would be useful, but the GUI program should load > them, and use them to configure the system. > > I can only urge you to take the view point from a ignorant user. Please > test your suggestions with your parents or even grand parents and see if > it works. I doubt it. Please work together with the GUI folks how to > integrate this properly. Managed devices are not always a reality. > > (I second, that a missing common configuration file format for WiFi is a > problem.) > > >> Also it looks like, the password is stored in plain text in the iwd > >> configuration file (in some examples). > > > > While this is not recommended the password can be stored in the config > > file so that you don't have to type it through the secrets dialog > > every time, it's your or the admin's choice. > > Every time, or would it be stored in some keyring? There is code in NM to use gnome keyrings but I don't know how it works. Yes, the passwords may be sensitive but there are also setups where the private key is not even encrypted or the passwords are well known so we need to account for that scenario too. As for the machine's admin the users are assumed to always trust the admin independent of how the secrets are stored. Best regards _______________________________________________ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
