Re: 2 questions...
On Tue, 2005-07-26 at 18:20 -0400, Derek Atkins wrote:
> >> Who said anything about requiring users to "SysAdmin type things"? I
> >> never did.
> >
> > You said:
> >
> > "Meanwhile, storing network passwords in a place that only root/NM
> > can get to it?"
> >
> > I interpreted that as requiring a root password to change.
>
> Nope. The NM service runs in the root context. It can store data
> wherever it wants in a way that only "root" can read it. That is
> perfectly sufficient for my wants and needs, and does not require
> anyone to type a root password or do any sysadminy-like things to
> configure.

It appears to me he's referring to something similar to what CUPS does. You can edit your printers etc using gnome-cups-manager, without giving a root password whatsoever (you just have to be in the lpadmin group). Gnome-cups-manager just talks to the cupsd, which stores the printers.

Hence, no root passwords, and secure storage. Whether this is the sane thing to do is not something I want to judge about.

--
Ruben Vermeersch (rubenv)
http://www.Lambda1.be/

___
NetworkManager-list mailing list
NetworkManager-list@gnome.org
http://mail.gnome.org/mailman/listinfo/networkmanager-list
Re: 2 questions...
On Tue, 2005-07-26 at 18:20 -0400, Derek Atkins wrote:
> Colin Walters <[EMAIL PROTECTED]> writes:
>
> >> Because I don't want my kerberos password cached.. Anywhere.. Anytime.
> >
> > What is the threat, exactly? Laptop theft? In that case, since the
> > password is only cached in memory, as soon as the thief reboots the laptop,
> > the password is gone. Note also that we could clear the password from
> > the memory cache on suspend; when you unsuspend the screensaver comes
> > up, and we regenerate the memory cache from that.
>
> Um, if it's only cached in memory then that doesn't solve the bootup
> problem. You're still stuck if you bootup on a wireless network. You
> can't login because you're not on the network, and you can't get on
> the network because you can't login. If the creds aren't cached on
> disk, then you lose.

It does seem to me the very first time you log in you need to be on the network, in order to get the credentials cached. Maybe the credential caching is the wrong idea entirely, and we should drop pam_krb5 from the gdm auth component and instead just use it in the password section (so you get local password changes when you change your kerberos password). Then to get the ticket you use krb5-auth-dialog.

> What is the threat? Laptop theft is certainly high on my list. My
> tickets are only valid for a short period of time. My password is
> valid until I change it.

Sure, and I think we can address the laptop theft threat by clearing the memory cache on suspend, and logout.

> So doing it your way is no more secure.. In fact, I would argue it's
> even LESS secure, because the malware could read out the daughter's
> passwords whereas in my scenario it couldn't, because network
> passwords would be write-only from nm-applet! So, my approach is even
> more secure than yours against user-installed malware.

That's a good point; but I think we should still be concerned about integrity and not just confidentiality; i.e. daughter's malware shouldn't be able to overwrite/destroy the VPN/wireless configuration of the father.

As a side note I would like to get GConf enhanced to act as a SELinux "userspace object manager"; what this means is it would do access control based on the security context of the process requesting a preference key, so we could e.g. ensure that only nm-applet can read/write the wireless config keys and prevent a compromised firefox from accessing them. This way we get equivalent security to what you were suggesting of having the keys be stored in a write-only fashion to the user session.

Also, having the wireless/VPN config system instead of per-user makes it more difficult to fix the bug (and it is a bug, IMO!) that when the father logs out the system is still on the VPN.
Re: 2 questions...
Colin Walters <[EMAIL PROTECTED]> writes:

>> Because I don't want my kerberos password cached.. Anywhere.. Anytime.
>
> What is the threat, exactly? Laptop theft? In that case, since the
> password is only cached in memory, as soon as the thief reboots the laptop,
> the password is gone. Note also that we could clear the password from
> the memory cache on suspend; when you unsuspend the screensaver comes
> up, and we regenerate the memory cache from that.

Um, if it's only cached in memory then that doesn't solve the bootup problem. You're still stuck if you bootup on a wireless network. You can't login because you're not on the network, and you can't get on the network because you can't login. If the creds aren't cached on disk, then you lose.

What is the threat? Laptop theft is certainly high on my list. My tickets are only valid for a short period of time. My password is valid until I change it.

>> Who said anything about requiring users to "SysAdmin type things"? I
>> never did.
>
> You said:
>
> "Meanwhile, storing network passwords in a place that only root/NM
> can get to it?"
>
> I interpreted that as requiring a root password to change.

Nope. The NM service runs in the root context. It can store data wherever it wants in a way that only "root" can read it. That is perfectly sufficient for my wants and needs, and does not require anyone to type a root password or do any sysadminy-like things to configure.

>> I've ALWAYS said that NM should remember the preferences globally instead of
>> storing them in nm-applet.
>
> I don't think we want to do that as we do want to support the multiuser
> laptop case. Imagine a family with a father and a daughter. The father
> takes the laptop to work and logs into the corporate wireless network
> and VPN. The daughter wants to use the laptop at home. The daughter
> really likes to install lots of random software from the internet.
>
> If the networks are per-user, malware installed in the daughter's
> account can't email the father's network passwords and VPN configuration
> to the world. So I think we should keep strong separation between users
> wherever possible, and in this case, we can.

First, I'm really only talking about 802.3 and 802.11; I don't really care about VPNs (at least in the context of auto-connect). Indeed, I don't think NM will autoconnect to VPN in any situation, so let's ignore that for now. I'm still perfectly happy with VPNs being per-user.

Next, let's examine your scenario. Daughter installs software.. Well, let's assume sweet-pea doesn't know the root password, so anything the malware could do it could only read the things that she could. The network passwords would still be owned by a root-only config, so while the NM service could read them, sweet-pea can't. So the malware running as sweet-pea can't get the network passwords. So your threat is still averted because the passwords aren't available to the malware. Indeed, the passwords should be "write-only" from nm-applet into NM.

Now, also keep in mind that if Daddy was connected to his work VPN and then logged out without disconnecting, the VPN will still be active when Daughter logs in. NOW the malware has access to the VPN!

So doing it your way is no more secure.. In fact, I would argue it's even LESS secure, because the malware could read out the daughter's passwords whereas in my scenario it couldn't, because network passwords would be write-only from nm-applet! So, my approach is even more secure than yours against user-installed malware.

-derek

--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/    PP-ASEL-IA    N1NWH
[EMAIL PROTECTED]    PGP key available
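The storage model argued for in the message above, together with the integrity objection raised in Colin Walters's reply, can be modelled in a few lines. This is an added example, not part of the thread and not NetworkManager code: the `NetworkSecretStore` class, the JSON file layout, the uid values and the owner rule are all assumptions made for illustration.

```python
import json
import os
import stat
import tempfile

ROOT_UID = 0  # the context the service itself runs in


class AccessDenied(Exception):
    pass


class NetworkSecretStore:
    """Toy model of a root-context service holding wireless keys.

    caller_uid stands for the identity the service would learn from its
    IPC layer (assumption). Clients may write keys but never read them.
    """

    def __init__(self, path):
        self.path = path
        if not os.path.exists(path):
            self._save({})

    def _save(self, data):
        # Create the file with mode 0600 from the start, then rename it
        # into place so a wider-mode copy never exists on disk.
        tmp = self.path + ".tmp"
        fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as fh:
            json.dump(data, fh)
        os.chmod(tmp, 0o600)  # covers a pre-existing tmp file
        os.replace(tmp, self.path)

    def _load(self):
        with open(self.path) as fh:
            return json.load(fh)

    def set_secret(self, caller_uid, essid, key):
        """Write-only entry point used by an applet-like client."""
        data = self._load()
        entry = data.get(essid)
        # Integrity rule (assumption, answering the objection in the
        # reply): only the user who created an entry may replace it.
        if entry is not None and caller_uid not in (ROOT_UID, entry["owner"]):
            raise AccessDenied("entry belongs to another user")
        owner = entry["owner"] if entry else caller_uid
        data[essid] = {"owner": owner, "key": key}
        self._save(data)

    def list_networks(self, caller_uid):
        # Names are visible to everyone; keys are never returned here.
        return sorted(self._load())

    def get_secret(self, caller_uid, essid):
        # Only the service context may read a key back out.
        if caller_uid != ROOT_UID:
            raise AccessDenied("keys are write-only for clients")
        return self._load()[essid]["key"]


def file_is_private(path):
    """True when neither group nor other has any access to the file."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0


def blocked(func, *args):
    try:
        func(*args)
    except AccessDenied:
        return True
    return False


def demo():
    father, daughter = 1000, 1001  # constructed uids
    with tempfile.TemporaryDirectory() as tmpdir:
        store = NetworkSecretStore(os.path.join(tmpdir, "wireless.json"))
        store.set_secret(father, "Company", "constructed-key")
        store.set_secret(daughter, "Home", "another-constructed-key")
        return {
            "file_private": file_is_private(store.path),
            "other_user_read_blocked": blocked(store.get_secret, daughter, "Company"),
            "own_readback_blocked": blocked(store.get_secret, daughter, "Home"),
            "overwrite_blocked": blocked(store.set_secret, daughter, "Company", "x"),
            "service_reads": store.get_secret(ROOT_UID, "Company"),
            "names_visible": store.list_networks(daughter),
        }


if __name__ == "__main__":
    print(demo())
```

In a real deployment the 0600 file would also be owned by root, which is what stops a process in either user's session from bypassing the service and opening the file directly.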
Re: 2 questions...
Quoting Colin Walters <[EMAIL PROTECTED]>:

> On Tue, 2005-07-26 at 13:55 -0400, warlord wrote:
>> Not having network is by far the exception, not the rule, so IMHO life
>> should be optimized for dealing with the common (have network) case.
>
> Are you from another planet, and can I live there? :)

People's Republic of Cambridge... (well, actually, the next city over, but close enough). Sure, you can live here. :)

> Seriously...while always-available network may be a reality for you,
> it's not for people who travel a lot for example. While many airports,
> coffee shops, trains, and hotels, etc. are getting network connections,
> not all are. And even if they have it, many are not free and I don't
> always want to shell out $5-$10 or whatever repeatedly just because Gaim
> pops up lots of dialogs when it can't connect to my Jabber server :)

Well, I travel a lot. I've had years where I've had status on multiple airlines. I expect to finish over 50,000 miles this year, too. But when I travel my laptop is usually suspended, not shutdown. I leave myself logged in. Maybe I'm eccentric.. But this isn't the case that I'm arguing about.

How often do you reboot your machine? What I'm asking for is only an issue for bootup.. I rarely boot my machine at an airport, starbucks, or other place. The vast majority of time I boot it at home, at MIT, or at my office, a place where I do have network, and the network can be preconfigured into the machine.

The "start network earlier" issue is only about bootup; once the machine is up and running that's a completely different story, and one I don't think can change.

Note that once NM is connected to a network, I can logout from userA and login to userB and the network doesn't change!!! So NM is already sharing networks across multiple user accounts. I'm just asking to make this more explicit, and make it "nicer" to the users and applications by starting earlier.

-derek

--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/    PP-ASEL-IA    N1NWH
[EMAIL PROTECTED]    PGP key available
Re: 2 questions...
On Tue, 2005-07-26 at 13:55 -0400, warlord wrote:
> Not having network is by
> far the exception, not the rule, so IMHO life should be optimized for dealing
> with the common (have network) case.

Are you from another planet, and can I live there? :)

Seriously...while always-available network may be a reality for you, it's not for people who travel a lot for example. While many airports, coffee shops, trains, and hotels, etc. are getting network connections, not all are. And even if they have it, many are not free and I don't always want to shell out $5-$10 or whatever repeatedly just because Gaim pops up lots of dialogs when it can't connect to my Jabber server :)
Re: 2 questions...
On Mon, 2005-07-25 at 17:55 -0400, David Zeuthen wrote:
> On Mon, 2005-07-25 at 16:54 -0400, Derek Atkins wrote:
> > no offense intended, but I still disagree with that design choice. It
> > means you cannot use NM in a situation where you have wireless network
> > and network-based login (e.g. Kerberos/Hesiod, NIS, etc). In the
> > current design you have to already be logged in in order to start the
> > wireless network, which means you have to have a local account.
> >
> > IMNSHO it would be much better to store this information globally so
> > that NM can choose from pre-defined networks before the user is logged
> > in. This certainly works fine for WEP or unprotected networks, and even
> > for shared-key WPA networks. It might not work as well for interactive
> > 802.1x authentication...
> >
> > Even Windows will setup the network before the login process, assuming
> > the wireless network was configured a priori! How could Windows get
> > something right and Linux not?
>
> I've tried to argue for some time that the right solution here is
> clearly to run nm-applet on top of, and managed by, your login manager,
> e.g. gdm.

I think this is kind of jumping to implementation details. This may be in large part the approach we want, but I'd like to look at some of the use cases and interaction choices that fall out from it.

We already fixed the Kerberos thing, so that's a non-use-case. The other thing that came up in this thread is the server case. The way system administrators configure networking right now is $EDITOR /etc/blah or possibly some tool like system-config-network. Your nobody/GConf suggestion basically makes it impossible to configure server wireless networking by hand with $EDITOR. You will probably get a lot of unhappy Unix sysadmins, who tend to live and breathe text files (as we don't have any better common system).

For the server case, an alternative to nobody/GConf is to have "nm-static-info", a little binary which parses distro wireless network config files (and possibly reads /etc/NetworkManager/wireless.conf or something), and owns the org.freedesktop.NetworkManagerInfo service on the bus. It doesn't link to GTK+ or GConf, and there's no user interaction expected, it just runs early as part of the server bootup. This approach lets Unix admins use $EDITOR and also keeps all the existing distro tools for server wireless network configuration (like system-config-network, YaST, etc.) working unchanged.

Possibly we could even have the default NetworkManager init script start this daemon by default; we need to figure out how to kill it (really, make it not own NetworkManagerInfo) though when the user logs in. The current semantics for D-BUS service names are backwards from what we want here.

> - the UI will have to be a bit different and it will store keys in the
> user 'nobody' gconf-tree, alternatively use keys from the system-wide
> (or site-wide) default/mandatory gconf-trees.

Wait, am I understanding you correctly and you're saying gdm would gain a notification area and a wireless networking selector? Or are you just talking about implementation details? The goal in my mind here is to solve the server case.

> Btw, we desperately need this kind of infrastructure in GNOME for other
> things such as running gnome-volume-manager, gnome-screensaver,
> gnome-power-manager etc. I proposed this [1] to be part of the GNOME
> session services framework that people at Red Hat have been working on;
> it makes a lot of sense to me.

I guess what makes me nervous about this is it seems like part of a big plan to unify how servers and desktops are configured, and while I think that's valuable in theory, the current design is a pretty nontrivial change to how many server system administrators are used to working.

I mean...the server admin experience for configuring wireless manually would be like:

sudo nobody gconftool-2 -t string /system/networking/wireless/networks/Company/essid blah
sudo nobody gconftool-2 -t string /system/networking/wireless/networks/Company/timestamp ??
sudo nobody gconftool-2 -t string /system/networking/wireless/networks/Company/key secret
...

versus just $EDITOR /etc/blah, which is what admins have to do anyways for all the stuff they truly care about like Samba and Apache.

The primary value in your proposal seems to be that we share a lot more code between the desktop/server cases. But for g-v-m and g-p-m, do you really want to have the same set of knobs available for desktops and servers?
Re: 2 questions...
Quoting Dan Williams <[EMAIL PROTECTED]>:

> Note that I'm really only considering user/desktop apps here. We
> shouldn't expect server stuff like Apache to assume no network, since
> the whole point of Apache is that there _is_ a network to serve stuff
> to. But if somebody has a laptop that's always plugged in, why are they
> using NetworkManager at all right now?

It may not always be plugged in, but it may always be "on some network". Some people do live in a situation where there is network connectivity 99% of the time -- sometimes wired, sometimes wireless. NM is perfect when you live in this situation and want a nice GUI tool to help you when you move around from one SSID to another.

> If they use NetworkManager, they must reasonably expect their network
> not to be around at various points, and therefore the applications have
> to deal with that case. NetworkManager can't babysit every application,
> and the way things get fixed is, in some cases, to cause their
> assumptions to be invalid and have people yell a lot.

Nah, I reasonably expect to have network a vast majority of the time; I don't want to have to act like I don't when I know I do. Not having network is by far the exception, not the rule, so IMHO life should be optimized for dealing with the common (have network) case. It just so happens that 802.11 is more prevalent than 802.3.

> The way it is right now isn't necessarily the best way. It's a
> historical artifact that stuff on Unix/Linux _assumes_ a network is
> always present, and now that people run laptops we get to lobotomize all
> sorts of stupid desktop applications that don't expect stuff to drop out
> from underneath them. Which is perfectly valid situation if you've got
> a laptop and are using wireless. I don't think it's egocentric at all,
> given the way things are going and the way people are now using
> computers compared to 5 years ago.

I don't know... I'm certainly using my laptop in the same way I've been using laptops for the last 10 years. I've always been mobile, trans-continental, wanting to work offline and online. The only difference between now and 10 years ago is that back then it was all 802.3 and now it's mostly 802.11.

NM is definitely a step in the right direction, but I wish I didn't have to lose functionality to gain what NM provides. For example, I've spent the last four years using wlan-ng with the wlan-ng scanning scripts. Those are WONDERFUL! During bootup (or after resume-from-suspend) it will scan and connect to any of the preconfigured networks. It starts the network at the "right place" in the boot sequence and everything is happy. The only downside is the lack of a pretty UI to control it all.

>> Why should wireless networks be treated differently than wired networks
>> in terms of when they are started?
>
> Arguably they shouldn't, but it just happens that NetworkManager does
> start wired networks right now. But that's not intentional, just an
> oversight. When we get a sane system services and configuration
> framework, then we can start stuff like wireless earlier too.
> NetworkManager breaks horribly for the "network mounted /usr" case right
> now too, but do you reasonably suspect people that have network mounted
> critical partitions to be running NetworkManager? (note that you
> physically can't, because dbus, hal, and glib reside on /usr)

Okay, so it's an oversight that wireless is started later, not an oversight that wired is started earlier? That makes me feel better! :) I do wish that NM, hal, and dbus could be started early enough to handle a network-mounted /usr. I've certainly lived in a situation where I've had a network-mounted /home!

>> Why should NM work differently than the original network scripts in
>> terms of when networks are started? Sure, NM gives you the ability to
>> connect to different wireless networks. This is a good thing.. But it
>> still starts too late.
>
> Frankly, because the network scripts suck for mobile users. They are
> not automatic, which was the whole point of NetworkManager. Part of it
> was also that there was no use-case we could think of that required an
> early start for the mobile user. Now that you've found one, we have to
> go through and think of how to deal with it in a useable manner. But
> that doesn't automatically mean falling back to exactly the way things
> were done before...

LOL. Yes, those scripts do.. As I said, I've been using wlan-ng for years and it's mostly what I want, except for the lack of proper UI for non-root configuration. I really want NG to be as good as (and much better than) those old wlan-ng scripts, especially since I have a new laptop that doesn't use a prism card ;)

> Dan

Thanks.

-derek
Re: 2 questions...
On Tue, 2005-07-26 at 10:14 -0400, warlord wrote:
> Quoting Dan Williams <[EMAIL PROTECTED]>:
>
> > On Mon, 2005-07-25 at 20:27 -0400, Derek Atkins wrote:
> >> Colin Walters <[EMAIL PROTECTED]> writes:
> >>
> >> > Seriously, what's the difference to the end user?
> >>
> >> Having to type their password first?
> >> Having to restart gaim or psi or other apps because there's a
> >> race condition between login and network startup?
> >
> > Again, this is a problem with the _apps_. They need to be aware of
> > network changes.
>
> Dan, you keep conflating two issues which are not the same. You seem to be
> confusing "network exists at startup" from "network changes from under
> you". I'm concerned about the former, you seem to be talking about the
> latter.

No, they are actually the same thing. Remember, a network change can be from having a network connection to having _no_ network connection. Apps need to be able to deal with that, things like Evolution and Mozilla have offline modes for this sort of thing. It's a fairly simple patch to Mozilla/Firefox to flip to "offline" mode when NM tells Firefox that there's no network connection. So apps need to start up assuming there's no network connection, then doing whatever it is that they do when they find out there is one.

Note that I'm really only considering user/desktop apps here. We shouldn't expect server stuff like Apache to assume no network, since the whole point of Apache is that there _is_ a network to serve stuff to. But if somebody has a laptop that's always plugged in, why are they using NetworkManager at all right now?

If they use NetworkManager, they must reasonably expect their network not to be around at various points, and therefore the applications have to deal with that case. NetworkManager can't babysit every application, and the way things get fixed is, in some cases, to cause their assumptions to be invalid and have people yell a lot.

> Most applications fail harder if there's no network when they start, but will
> deal much better if the network changes from under them. Asking every
> application writer of every application to deal better with starting without
> network just because you don't want to make a "global network configuration"
> seems a little, I don't know, egocentric? "The world must work THIS way"?

The way it is right now isn't necessarily the best way. It's a historical artifact that stuff on Unix/Linux _assumes_ a network is always present, and now that people run laptops we get to lobotomize all sorts of stupid desktop applications that don't expect stuff to drop out from underneath them. Which is perfectly valid situation if you've got a laptop and are using wireless. I don't think it's egocentric at all, given the way things are going and the way people are now using computers compared to 5 years ago.

> Why should wireless networks be treated differently than wired networks
> in terms of when they are started?

Arguably they shouldn't, but it just happens that NetworkManager does start wired networks right now. But that's not intentional, just an oversight. When we get a sane system services and configuration framework, then we can start stuff like wireless earlier too. NetworkManager breaks horribly for the "network mounted /usr" case right now too, but do you reasonably suspect people that have network mounted critical partitions to be running NetworkManager? (note that you physically can't, because dbus, hal, and glib reside on /usr)

> Why should NM work differently than the original network scripts in terms of
> when networks are started? Sure, NM gives you the ability to connect to
> different wireless networks. This is a good thing.. But it still starts too
> late.

Frankly, because the network scripts suck for mobile users. They are not automatic, which was the whole point of NetworkManager. Part of it was also that there was no use-case we could think of that required an early start for the mobile user. Now that you've found one, we have to go through and think of how to deal with it in a useable manner. But that doesn't automatically mean falling back to exactly the way things were done before...

Dan
Re: 2 questions...
On Tue, 2005-07-26 at 12:58 -0400, warlord wrote:
> Quoting Colin Walters <[EMAIL PROTECTED]>:
>
> >> Having to restart gaim or psi or other apps because there's a
> >> race condition between login and network startup?
>
> You ignored this issue...

I ignored it because Dan answered it: all applications have to handle network unavailability at any time.

> Because I don't want my kerberos password cached.. Anywhere.. Anytime.

What is the threat, exactly? Laptop theft? In that case, since the password is only cached in memory, as soon as the thief reboots the laptop, the password is gone. Note also that we could clear the password from the memory cache on suspend; when you unsuspend the screensaver comes up, and we regenerate the memory cache from that.

> It only knows my keys derived from my
> password. But honestly I'm sorry I brought up Kerberos -- it's
> detracting from the real
> issue which is that Wireless and Wired networks are treated differently during
> the startup sequence.

I answered this elsewhere; they aren't really.

> Who said anything about requiring users to "SysAdmin type things"? I
> never did.

You said:

"Meanwhile, storing network passwords in a place that only root/NM can get to it?"

I interpreted that as requiring a root password to change.

> I've ALWAYS said that NM should remember the preferences globally instead of
> storing them in nm-applet.

I don't think we want to do that as we do want to support the multiuser laptop case. Imagine a family with a father and a daughter. The father takes the laptop to work and logs into the corporate wireless network and VPN. The daughter wants to use the laptop at home. The daughter really likes to install lots of random software from the internet.

If the networks are per-user, malware installed in the daughter's account can't email the father's network passwords and VPN configuration to the world. So I think we should keep strong separation between users wherever possible, and in this case, we can.

> I agree that any time an end user needs the root password we have failed. I
> certainly don't want to have to type that just to connect to a new/different
> wireless network. OTOH I *DO* want the wireless network to come up on its own
> BEFORE I LOGIN if it's a network I've ever seen before (or an open network).

Again, every application has to handle the case where you power on your laptop without any network connectivity at all, and know what to do when it comes back or vanishes. The only reason to start before login would be the implementation detail of letting pam_krb5 talk to the Kerberos server, and we already came up with a solution for that with ccreds and krb5-auth-dialog.
Re: 2 questions...
On Tue, 2005-07-26 at 10:14 -0400, warlord wrote:
> Dan, you keep conflating two issues which are not the same. You seem to be
> confusing "network exists at startup" from "network changes from under
> you". I'm concerned about the former, you seem to be talking about the
> latter.

I would conflate the two as well, since to me (as a software developer) it seems that if you can handle the latter, the former is easy.

> Most applications fail harder if there's no network when they start, but will
> deal much better if the network changes from under them.

Really? What applications? And why is it so much harder to handle no-network-at-start?

> Why should wireless networks be treated differently than wired networks
> in terms
> of when they are started?

They aren't treated differently in the design really, just the implementation detail makes wired networks start earlier in the boot process. Depending on that implementation detail is a bug.
Re: 2 questions...
Quoting Dan Williams <[EMAIL PROTECTED]>:

> On Mon, 2005-07-25 at 20:27 -0400, Derek Atkins wrote:
>> Colin Walters <[EMAIL PROTECTED]> writes:
>>
>> > Seriously, what's the difference to the end user?
>>
>> Having to type their password first?
>> Having to restart gaim or psi or other apps because there's a
>> race condition between login and network startup?
>
> Again, this is a problem with the _apps_. They need to be aware of
> network changes.

Dan, you keep conflating two issues which are not the same. You seem to be confusing "network exists at startup" from "network changes from under you". I'm concerned about the former, you seem to be talking about the latter.

Most applications fail harder if there's no network when they start, but will deal much better if the network changes from under them. Asking every application writer of every application to deal better with starting without network just because you don't want to make a "global network configuration" seems a little, I don't know, egocentric? "The world must work THIS way"?

Why should wireless networks be treated differently than wired networks in terms of when they are started?

Why should NM work differently than the original network scripts in terms of when networks are started? Sure, NM gives you the ability to connect to different wireless networks. This is a good thing.. But it still starts too late.

> Dan

-derek
Re: 2 questions...
Quoting Colin Walters <[EMAIL PROTECTED]>:

>> Having to restart gaim or psi or other apps because there's a
>> race condition between login and network startup?

You ignored this issue...

>> Caching credentials is a HARD problem. How is PAM supposed to know my
>> kerberos password, unless it stores it somewhere? I don't want PAM to
>> store my _kerberos_ password.
>
> Why not? If you wanted to avoid the second password prompt, there's no
> reason for example we couldn't have PAM pass the password on to your
> user session, and then krb5-auth-dialog would try that first before
> prompting you.

Because I don't want my kerberos password cached.. Anywhere.. Anytime. Not even the KDC knows my password.. It only knows my keys derived from my password. But honestly I'm sorry I brought up Kerberos -- it's detracting from the real issue which is that Wireless and Wired networks are treated differently during the startup sequence.

>> Meanwhile, storing network passwords in a place that only root/NM can
>> get to it?
>
> We might need to end up doing this for the server case, but for your
> laptop case I think requiring end users to do system administrator type
> things just to get their laptop working is wrong. Any time an end user
> needs the root password we have failed.

Who said anything about requiring users to "SysAdmin type things"? I never did. I've ALWAYS said that NM should remember the preferences globally instead of storing them in nm-applet. I don't see how this is requiring a user to do sysadmin things.

I agree that any time an end user needs the root password we have failed. I certainly don't want to have to type that just to connect to a new/different wireless network. OTOH I *DO* want the wireless network to come up on its own BEFORE I LOGIN if it's a network I've ever seen before (or an open network).
Re: 2 questions...
2005/7/26, Colin Walters <[EMAIL PROTECTED]>:
> On Tue, 2005-07-26 at 03:05 +0200, Sebastien ESTIENNE wrote:
> > D
> > I also need it for other reasons than kerberos:
> > - I can't access my samba shares until I log in, using my laptops as
> > mobile file server, sometimes I expect to just power it on and be able
> > to access my files.
> > - the same for apache (holding my wiki) and hula holding my
> > contacts/planning
>
> There's two answers. First, we could say this is the same as the server
> use case, regardless of the fact that you're running the servers on a
> laptop.
>
> The second answer is, what if we changed the OS so that when your laptop
> boots up, gdm would detect that there was only one user on the system,
> and would just start logging you in, but with the screensaver already
> locked. That way everything in your user session (including nm-applet)
> would run, and your servers would have network connectivity.

That's a good solution, anyway I think merging gdm and the screensaver functionality is a good move for other things like fast user switching

--
Sebastien Estienne
Re: 2 questions...
On Tue, 2005-07-26 at 03:05 +0200, Sebastien ESTIENNE wrote:
> D
> I also need it for other reasons than kerberos:
> - I can't access my samba shares until I log in, using my laptops as
> mobile file server, sometimes I expect to just power it on and be able
> to access my files.
> - the same for apache (holding my wiki) and hula holding my
> contacts/planning

There's two answers. First, we could say this is the same as the server use case, regardless of the fact that you're running the servers on a laptop.

The second answer is, what if we changed the OS so that when your laptop boots up, gdm would detect that there was only one user on the system, and would just start logging you in, but with the screensaver already locked. That way everything in your user session (including nm-applet) would run, and your servers would have network connectivity.
Re: 2 questions...
On Mon, 2005-07-25 at 20:27 -0400, Derek Atkins wrote:
> Colin Walters <[EMAIL PROTECTED]> writes:
>
> > Seriously, what's the difference to the end user?
>
> Having to type their password first?

Not necessarily:

> Having to restart gaim or psi or other apps because there's a
> race condition between login and network startup?
>
> > As far as technical implementation I don't see using cached credentials
> > to be less "straightforward" than trying to do network configuration
> > before login.
>
> Caching credentials is a HARD problem. How is PAM supposed to
> know my kerberos password, unless it stores it somewhere? I don't
> want PAM to store my _kerberos_ password.

Why not? If you wanted to avoid the second password prompt, there's no reason for example we couldn't have PAM pass the password on to your user session, and then krb5-auth-dialog would try that first before prompting you.

> Meanwhile, storing network passwords in a place that only root/NM
> can get to it?

We might need to end up doing this for the server case, but for your laptop case I think requiring end users to do system administrator type things just to get their laptop working is wrong. Any time an end user needs the root password we have failed.
Re: 2 questions...
Robert Love wrote:

On Mon, 2005-07-25 at 16:54 -0400, Derek Atkins wrote:

IMNSHO it would be much better to store this information globally so that NM can choose from pre-defined networks before the user is logged in. This certainly works fine for WEP or unprotected networks, and even for shared-key WPA networks. It might not work as well for interactive 802.1x authentication...

I can see an argument for _also_ storing a set of wireless networks globally, but the keys and the preferred networks are definitely per-user. At first I disliked this decision, too, but it definitely makes sense.

I would be happy with the ability to bring up the wireless, or otherwise, from the command line (and get confirmation that it is up). This way I can create an init script in place of my distro's init scripts, and bring other network services up at boot time. Or it could be as simple as a command line switch for NetworkManager to bring up the connection when it is started. Perhaps even block until it is. The ability to restart these when my ip changes etc is unimportant because very few are affected by the change.
Re: 2 questions...
On Mon, 2005-07-25 at 20:27 -0400, Derek Atkins wrote:
> Colin Walters <[EMAIL PROTECTED]> writes:
>
> > Seriously, what's the difference to the end user?
>
> Having to type their password first?
> Having to restart gaim or psi or other apps because there's a
> race condition between login and network startup?

These are apps that could use NM, but don't. Admittedly it's tough to expect the world to start using NetworkManager right away, but hopefully more and more will soon. But I believe the intention is that these apps get patched or fixed to not act this way in the future.

As far as the password prompt is concerned, most people won't notice that missing or not. It's really a mystery to most people why and when the computer asks for passwords, thus why Trojan horses and other password stealers have been successful. While the people that do understand authentication usually can spot these.

> > As far as technical implementation I don't see using cached credentials
> > to be less "straightforward" than trying to do network configuration
> > before login.
>
> Caching credentials is a HARD problem. How is PAM supposed to
> know my kerberos password, unless it stores it somewhere? I don't
> want PAM to store my _kerberos_ password.
>
> Meanwhile, storing network passwords in a place that only root/NM
> can get to it? Not so big a deal in my mind. These passwords
> don't authenticate me, per se. They just let me on the network.
> I still need to use Kerberos, SSH, etc. in order to _do_ anything
> on the network.

So this is kind of a rat hole of a discussion to get into, but... :-) John Dennis wrote up this bit on ccreds [1] and as he says, "This provides a good trade off between security and practical real world access for mobile users." So this ccreds system provides the kind of user experience we're looking for. And I always say that if a better technical implementation can pass the Turing test on our current user experience then I don't care what changed.

The important part to me is the experience, if there's a more secure way of doing things without crapping all over the fable people I try to defend all day, so be it. :-)

Cheers,
~ Bryan

[1] http://www.redhat.com/archives/fedora-devel-list/2004-September/msg01038.html
Re: 2 questions...
On Mon, 2005-07-25 at 18:15 -0400, Derek Atkins wrote:
> I think something like this would work.. But how would one configure the
> "available" or "preferred" networks in the nobody context? Provided there is
> some way for a user to push this list of networks/keys into the nobody context
> I have no objection to it working this way. It's effectively what I wanted,
> although I was thinking it would be done by NM itself.
>
> My personal preference is still to have NM store the data in a root-only
> context and NM-applet can pass the preferred list to NM.. That way NM can
> still make decisions based on preferred networks without the applet. Perhaps
> user can choose whether to tell NM to save the info in the global context or
> save it in the user context?

Part of the design of NetworkManager is not having choices about where or how things are stored. NM just does that work and people don't have to think about the context their passwords are stored in. It's actually the more secure method overall, since most people don't understand security at all they tend to make mistakes like entering their passwords for Trojan horses. To avoid this we don't give them any choices when it comes to security.

Now this doesn't mean that there isn't room for some kind of NetworkManagerAdmin thing that allows _you_ to do crazy stuff, but it would take some work to design and implement that first.

> Honestly... Am I really the only person here that considers laptops
> effectively single-user? It really sounds like you're architecting for a
> multi-user laptop and leaving the single-user laptops in a lurch, having to
> jump through a bunch of hoops.. Isn't the network generally a system
> resource, not a user resource?

I agree that it would be nice to have a switch that let my OS know that it's a single user machine and I wouldn't have to bother with the attributes of multi-user machines.

I've pushed for some kind of a system service that would store system settings and information like this. However until that happens I think we have a pretty good solution.

~ Bryan
Re: 2 questions...
On Mon, 2005-07-25 at 20:27 -0400, Derek Atkins wrote:
> Colin Walters <[EMAIL PROTECTED]> writes:
>
> > Seriously, what's the difference to the end user?
>
> Having to type their password first?
> Having to restart gaim or psi or other apps because there's a
> race condition between login and network startup?

Again, this is a problem with the _apps_. They need to be aware of network changes.

Dan
Re: 2 questions...
Nobody?

Rgds,
Joris

> 1.) Is there a possibility to make networkmanager connect from
> command-line?
>
> 2.) My nm-applet only shows "Disconnect VPN..." in the "VPN Connections"
> menu. Is there something special to configure to create a new VPN
> connection?
>
> Regards,
> Joris

--
(( [EMAIL PROTECTED] )) <[EMAIL PROTECTED]>
Re: 2 questions...
Derek Atkins wrote:
> Quoting Dan Williams <[EMAIL PROTECTED]>:
>
> > > - when someone logs in the nm-applet managed by gdm goes away and is
> > > replaced with the nm-applet in the user session (this, similar schemes
> > > for e.g. fast-user-switching).
> >
> > As we've talked about before, something like this would be completely
> > acceptable.
>
> I think something like this would work.. But how would one configure the
> "available" or "preferred" networks in the nobody context? Provided there is
> some way for a user to push this list of networks/keys into the nobody context
> I have no objection to it working this way. It's effectively what I wanted,
> although I was thinking it would be done by NM itself.
>
> My personal preference is still to have NM store the data in a root-only
> context and NM-applet can pass the preferred list to NM.. That way NM can
> still make decisions based on preferred networks without the applet. Perhaps
> user can choose whether to tell NM to save the info in the global context or
> save it in the user context?
>
> Honestly... Am I really the only person here that considers laptops
> effectively single-user? It really sounds like you're architecting for a
> multi-user laptop and leaving the single-user laptops in a lurch, having to
> jump through a bunch of hoops.. Isn't the network generally a system
> resource, not a user resource?

I agree with you with the single-user nature of laptops. And also the fact that it should connect to known networks without logging in.

I also need it for other reasons than kerberos:
- I can't access my samba shares until I log in, using my laptops as mobile file server, sometimes I expect to just power it on and be able to access my files.
- the same for apache (holding my wiki) and hula holding my contacts/planning

Making gdm start the network would be a fairly good solution, as David Z proposed.

--
Sebest

> > Dan
>
> -derek
Re: 2 questions...
Colin Walters <[EMAIL PROTECTED]> writes:

> Seriously, what's the difference to the end user?

Having to type their password first?
Having to restart gaim or psi or other apps because there's a race condition between login and network startup?

> As far as technical implementation I don't see using cached credentials
> to be less "straightforward" than trying to do network configuration
> before login.

Caching credentials is a HARD problem. How is PAM supposed to know my kerberos password, unless it stores it somewhere? I don't want PAM to store my _kerberos_ password.

Meanwhile, storing network passwords in a place that only root/NM can get to it? Not so big a deal in my mind. These passwords don't authenticate me, per se. They just let me on the network. I still need to use Kerberos, SSH, etc. in order to _do_ anything on the network.

-derek

--
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       [EMAIL PROTECTED]                        PGP key available
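The "only root/NM can get to it" storage discussed in the message above comes down to file ownership and mode bits on the store and its directory. As an added illustration (not part of the thread and not NetworkManager's code), this Python example writes a secrets file with mode 0600 and audits an existing one; the file name `wireless-keys`, both function names and the sample contents are hypothetical.

```python
import os
import stat
import tempfile


def write_secret_store(path, data, mode=0o600):
    """Atomically write bytes to `path`; the file never exists with looser bits."""
    directory = os.path.dirname(os.path.abspath(path))
    # mkstemp creates the temporary file with mode 0600 regardless of umask.
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".store-")
    try:
        with os.fdopen(fd, "wb") as fh:
            os.fchmod(fh.fileno(), mode)
            fh.write(data)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, path)  # atomic rename on POSIX
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise


def audit_secret_store(path, expected_uid=0):
    """Return a list of findings; an empty list means only `expected_uid`
    can read or replace the store."""
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink planted at `path`
    except FileNotFoundError:
        return ["store is missing"]
    if stat.S_ISLNK(st.st_mode):
        return ["store is a symlink"]

    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append("store is not a regular file")
    if st.st_uid != expected_uid:
        findings.append("store owned by uid %d, expected %d"
                        % (st.st_uid, expected_uid))
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("store mode %o grants group/other access"
                        % stat.S_IMODE(st.st_mode))

    # Whoever can write the directory can swap the file for their own copy.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_uid != expected_uid:
        findings.append("parent directory owned by uid %d, expected %d"
                        % (parent.st_uid, expected_uid))
    if parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("parent directory is writable by group/other")
    return findings


if __name__ == "__main__":
    # Constructed demo in a throwaway directory, audited against the current
    # user instead of root so it runs unprivileged.
    with tempfile.TemporaryDirectory() as d:
        store = os.path.join(d, "wireless-keys")  # hypothetical file name
        write_secret_store(store, b"essid=constructed-example key=not-a-real-key\n")
        print(audit_secret_store(store, expected_uid=os.getuid()))
        os.chmod(store, 0o644)  # simulate a misconfigured store
        print(audit_secret_store(store, expected_uid=os.getuid()))
```

On a real system the audit would run with the default `expected_uid=0`.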
Re: 2 questions...
On Mon, 2005-07-25 at 18:30 -0400, Derek Atkins wrote:
> Quoting Colin Walters <[EMAIL PROTECTED]>:
>
> > > > Why does it matter whether the credentials are "real" or cached?
> > >
> > > Because cached credentials probably don't work on the net because they've
> > > expired?
> >
> > In this model you get a new Kerberos ticket when the network becomes
> > available (and also when the ticket expires):
>
> Call me silly, but which seems more straightforward to you?

Silly =)

Seriously, what's the difference to the end user?

As far as technical implementation I don't see using cached credentials to be less "straightforward" than trying to do network configuration before login.
Re: 2 questions...
Quoting Colin Walters <[EMAIL PROTECTED]>:

> > > Why does it matter whether the credentials are "real" or cached?
> >
> > Because cached credentials probably don't work on the net because they've
> > expired?
>
> In this model you get a new Kerberos ticket when the network becomes
> available (and also when the ticket expires):

Call me silly, but which seems more straightforward to you?

  Login using cached credentials
  Wait for network to start
  Refresh creds
  Be happy

or

  Network starts
  Login and obtain fresh credentials
  Be happy

> http://cvs.gnome.org/viewcvs/krb5-auth-dialog/

-derek

--
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       [EMAIL PROTECTED]                        PGP key available
Re: 2 questions...
On Mon, 2005-07-25 at 18:08 -0400, Derek Atkins wrote:
> Quoting Colin Walters <[EMAIL PROTECTED]>:
>
> > On Mon, 2005-07-25 at 17:57 -0400, Derek Atkins wrote:
> >
> > > but I shouldn't have to use cached credentials -- I can acquire real
> > > credentials if I were just on the network. I don't need to use PAM
> > > cached creds in this situation. I just need IP before login.
> >
> > Why does it matter whether the credentials are "real" or cached?
>
> Because cached credentials probably don't work on the net because they've
> expired?

In this model you get a new Kerberos ticket when the network becomes available (and also when the ticket expires):

http://cvs.gnome.org/viewcvs/krb5-auth-dialog/
Re: 2 questions...
Quoting Dan Williams <[EMAIL PROTECTED]>:

> > - when someone logs in the nm-applet managed by gdm goes away and is
> > replaced with the nm-applet in the user session (this, similar schemes
> > for e.g. fast-user-switching).
>
> As we've talked about before, something like this would be completely
> acceptable.

I think something like this would work.. But how would one configure the "available" or "preferred" networks in the nobody context? Provided there is some way for a user to push this list of networks/keys into the nobody context I have no objection to it working this way. It's effectively what I wanted, although I was thinking it would be done by NM itself.

My personal preference is still to have NM store the data in a root-only context and NM-applet can pass the preferred list to NM.. That way NM can still make decisions based on preferred networks without the applet. Perhaps user can choose whether to tell NM to save the info in the global context or save it in the user context?

Honestly... Am I really the only person here that considers laptops effectively single-user? It really sounds like you're architecting for a multi-user laptop and leaving the single-user laptops in a lurch, having to jump through a bunch of hoops.. Isn't the network generally a system resource, not a user resource?

> Dan

-derek

--
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       [EMAIL PROTECTED]                        PGP key available
Re: 2 questions...
Quoting Colin Walters <[EMAIL PROTECTED]>:

> On Mon, 2005-07-25 at 17:57 -0400, Derek Atkins wrote:
>
> > but I shouldn't have to use cached credentials -- I can acquire real
> > credentials if I were just on the network. I don't need to use PAM
> > cached creds in this situation. I just need IP before login.
>
> Why does it matter whether the credentials are "real" or cached?

Because cached credentials probably don't work on the net because they've expired?

Keep in mind that this is only an issue during bootup... Or if I logout before suspend (which I never do).

Besides, how many laptops truly are multi-user machines???

-derek

--
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       [EMAIL PROTECTED]                        PGP key available
Re: 2 questions...
On Mon, 2005-07-25 at 17:55 -0400, David Zeuthen wrote:
> On Mon, 2005-07-25 at 16:54 -0400, Derek Atkins wrote:
> > no offense intended, but I still disagree with that design choice. It
> > means you cannot use NM in a situation where you have wireless network
> > and network-based login (e.g. Kerberos/Hesiod, NIS, etc). In the current
> > design you have to already be logged in in order to start the wireless
> > network, which means you have to have a local account.
> >
> > IMNSHO it would be much better to store this information globally so that
> > NM can choose from pre-defined networks before the user is logged in. This
> > certainly works fine for WEP or unprotected networks, and even for
> > shared-key WPA networks. It might not work as well for interactive 802.1x
> > authentication...
> >
> > Even Windows will setup the network before the login process, assuming the
> > wireless network was configured a priori! How could Windows get something
> > right and Linux not?
>
> I've tried to argue for some time that the right solution here is
> clearly to run nm-applet on top of, and managed by, your login manager,
> e.g. gdm.
>
> - the UI will have to be a bit different and it will store keys in the
> user 'nobody' gconf-tree, alternatively use keys from the system-wide
> (or site-wide) default/mandatory gconf-trees.
>
> - when someone logs in the nm-applet managed by gdm goes away and is
> replaced with the nm-applet in the user session (this, similar schemes
> for e.g. fast-user-switching).

As we've talked about before, something like this would be completely acceptable.

Dan
Re: 2 questions...
On Mon, 2005-07-25 at 17:57 -0400, Derek Atkins wrote:

> but I shouldn't have to use cached credentials -- I can acquire real
> credentials if I were just on the network. I don't need to use PAM cached
> creds in this situation. I just need IP before login.

Why does it matter whether the credentials are "real" or cached?

> Actually, AFS works just fine with changing the IP Address out from under it.
> In fact, I think it can generally even be started without the network
> nowadays, too.

Cool.
Re: 2 questions...
Quoting Colin Walters <[EMAIL PROTECTED]>:

> > Actually, that's not true at all. I could be in any of a dozen different
> > buildings at MIT, at my house, at Usenix or IETF or some other conference --
>
> Yep, NetworkManager rocks for this.

Except it won't bring me up on the network until I'm logged in...

> > and I should be able to use my standard network login from any of those
> > locations.
>
> I completely agree! The PAM cached credentials work should fix this.

but I shouldn't have to use cached credentials -- I can acquire real credentials if I were just on the network. I don't need to use PAM cached creds in this situation. I just need IP before login.

> > And I don't even want to think about the hell that OpenAFS would be!
>
> Most network file systems were designed before the roaming laptop era,
> and do not account for the network arbitrarily disappearing and instead
> like to eat applications by blocking them in IO wait state (hi NFS!).
> I don't know whether OpenAFS is similar but I imagine so.

Actually, AFS works just fine with changing the IP Address out from under it. In fact, I think it can generally even be started without the network nowadays, too.

> I just gave up on network file systems like NFS for my laptop long ago.

Not me. :-/

-derek

--
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       [EMAIL PROTECTED]                        PGP key available
Re: 2 questions...
On Mon, 2005-07-25 at 16:54 -0400, Derek Atkins wrote:
> no offense intended, but I still disagree with that design choice. It means
> you cannot use NM in a situation where you have wireless network and
> network-based login (e.g. Kerberos/Hesiod, NIS, etc). In the current design
> you have to already be logged in in order to start the wireless network,
> which means you have to have a local account.
>
> IMNSHO it would be much better to store this information globally so that NM
> can choose from pre-defined networks before the user is logged in. This
> certainly works fine for WEP or unprotected networks, and even for shared-key
> WPA networks. It might not work as well for interactive 802.1x
> authentication...
>
> Even Windows will setup the network before the login process, assuming the
> wireless network was configured a priori! How could Windows get something
> right and Linux not?

I've tried to argue for some time that the right solution here is clearly to run nm-applet on top of, and managed by, your login manager, e.g. gdm.

- the UI will have to be a bit different and it will store keys in the user 'nobody' gconf-tree, alternatively use keys from the system-wide (or site-wide) default/mandatory gconf-trees.

- when someone logs in the nm-applet managed by gdm goes away and is replaced with the nm-applet in the user session (this, similar schemes for e.g. fast-user-switching).

Btw, we desperately need this kind of infrastructure in GNOME for other things such as running gnome-volume-manager, gnome-screensaver, gnome-power-manager etc. I proposed this [1] to be part of the GNOME session services framework that people at Red Hat been working on; it makes a lot of sense to me.

Cheers,
David

[1] : May be a bit out of context but here are the pointers
http://mail.gnome.org/archives/desktop-devel-list/2005-July/msg00136.html
http://mail.gnome.org/archives/desktop-devel-list/2005-July/msg00183.html
Re: 2 questions...
On Mon, 2005-07-25 at 17:36 -0400, Colin Walters wrote:

> A while ago some Fedora hackers were working on "cached credentials" for
> PAM; the idea is that when you logged in, the credentials would be
> cached locally, so that if you were ever away from the network, you
> could still log in. I'm not sure what the status on that is.

http://www.redhat.com/archives/fedora-devel-list/2004-September/msg01038.html

If you're interested I'd probably ping John or ask on fedora-devel-list.
Re: 2 questions...
On Mon, 2005-07-25 at 17:41 -0400, Dan Williams wrote:

> If it's broken, hopefully it won't be saying that it's got a link. If it
> does, then we get to play the "how can I disable you system-wide" game.
> Either BIOS or knock it out of HAL somehow. NM should allow you to use
> what HAL provides.

I meant broken as in DHCP or whatever isn't working.

But so long as we disable wireless network selection and scanning while wired, I am happy.

	Robert Love
Re: 2 questions...
On Mon, 2005-07-25 at 17:17 -0400, Robert Love wrote:
> On Mon, 2005-07-25 at 17:14 -0400, Dan Williams wrote:
>
> > Intended. If you wanted a wireless network, why would you have a cable
> > plugged in? If you want a wireless network, why are you docked and why
> > does the docking station have a cable plugged in?
>
> Say if my Ethernet is broken or on a different network. But ...

If it's broken, hopefully it won't be saying that it's got a link. If it does, then we get to play the "how can I disable you system-wide" game. Either BIOS or knock it out of HAL somehow. NM should allow you to use what HAL provides.

Dan
Re: 2 questions...
On Mon, 2005-07-25 at 17:24 -0400, Derek Atkins wrote:
> Quoting Colin Walters <[EMAIL PROTECTED]>:
>
> > If you're using network login, your computer is tied specifically to
> > that network; you can't switch networks, which invalidates a lot of the
> > point of NetworkManager as it is today. For the short term you could
> > just use your OS native wireless networking scripts, hardcode the
> > wireless network and WEP key in /etc/whatever.
>
> Actually, that's not true at all. I could be in any of a dozen different
> buildings at MIT, at my house, at Usenix or IETF or some other conference --

Yep, NetworkManager rocks for this.

> and I should be able to use my standard network login from any of those
> locations.

I completely agree! The PAM cached credentials work should fix this.

> Moreover, I have a bunch of network services that don't like to startup
> without network.
> Even now I have to restart ntpd, sendmail, and athena-zhm by hand..

As Dan said, this is just bugs in the init system and/or those daemons.

> And I don't even want to think about the hell that OpenAFS would be!

Most network file systems were designed before the roaming laptop era, and do not account for the network arbitrarily disappearing and instead like to eat applications by blocking them in IO wait state (hi NFS!). I don't know whether OpenAFS is similar but I imagine so.

I just gave up on network file systems like NFS for my laptop long ago.

> Yea, every once in a blue moon do I need a static IP.. It would be nice to
> have it available. OTOH I don't think it's odd at all to want the network to
> come up during the boot sequence.

Note the desktop login is really part of the boot sequence from the normal user perception.
Re: 2 questions...
On Mon, 2005-07-25 at 16:54 -0400, Derek Atkins wrote:
> Quoting Dan Williams <[EMAIL PROTECTED]>:
>
> > All the wireless keys, preferred network, and which networks you're
> > actually allowed to connect to are stored per-user, as designed, and
> > also as designed, NetworkManager won't attempt to connect to a wireless
> > network without that data since it couldn't possibly know which one to
> > connect to.
>
> no offense intended, but I still disagree with that design choice. It means
> you cannot use NM in a situation where you have wireless network and
> network-based login (e.g. Kerberos/Hesiod, NIS, etc). In the current design
> you have to already be logged in in order to start the wireless network,
> which means you have to have a local account.

Oh, one other thing; my personal opinion (as opposed to the occasional-NetworkManager-hacker opinion from my other post) is that requiring network auth at login for laptops is pretty crack unless you're in a very specific environment.

I mean...I see the value in single-sign-on systems like Kerberos, but as a user I'd be unhappy if my laptop became a brick if I couldn't access the wireless network temporarily for whatever reason. Not to mention simply taking the laptop on a road trip away from the office.

A while ago some Fedora hackers were working on "cached credentials" for PAM; the idea is that when you logged in, the credentials would be cached locally, so that if you were ever away from the network, you could still log in. I'm not sure what the status on that is.
Re: 2 questions...
On Mon, 2005-07-25 at 17:24 -0400, Derek Atkins wrote:

> Moreover, I have a bunch of network services that don't like to startup
> without network. Even now I have to restart ntpd, sendmail, and athena-zhm
> by hand.. And I don't even want to think about the hell that OpenAFS would
> be! It's just so much better to start the network earlier, rather than
> later, regardless of whether it's a wired or wireless network.

These services are dumb, they do not expect network changes at any point. You've got 2 options:

1) Make them aware of NetworkManager by making them dbus-aware
2) Add them to restart scripts which get executed by NetworkManagerDispatcher

In the current system, you'd have to do the same thing if you join another network using system-config-network. In the end, we need to make services that depend on the network aware of the fact that you might change it, that your IP address may be different in 30 seconds, etc. We shouldn't limit the scope of stupidity to just startup-time, though we'll hopefully have startup dependencies for Fedora Core 5.

> Yea, every once in a blue moon do I need a static IP.. It would be nice to
> have it available. OTOH I don't think it's odd at all to want the network to
> come up during the boot sequence.

Static IP support is currently complete. You configure it using system-config-network, and NM will pick up the correct static IP information from the profile that's currently active when it starts up.

Dan
Re: 2 questions...
Quoting Colin Walters <[EMAIL PROTECTED]>:
> If you're using network login, your computer is tied specifically to
> that network; you can't switch networks, which invalidates a lot of the
> point of NetworkManager as it is today. For the short term you could
> just use your OS native wireless networking scripts, hardcode the
> wireless network and WEP key in /etc/whatever.

Actually, that's not true at all. I could be in any of a dozen different buildings at MIT, at my house, at Usenix or IETF or some other conference -- and I should be able to use my standard network login from any of those locations. I am not at all tied to a specific network.

Moreover, I have a bunch of network services that don't like to startup without network. Even now I have to restart ntpd, sendmail, and athena-zhm by hand.. And I don't even want to think about the hell that OpenAFS would be! It's just so much better to start the network earlier, rather than later, regardless of whether it's a wired or wireless network.

> Longer term it probably makes sense to have NetworkManager handle these
> oddball cases (including things such as static IP), but there isn't
> anyone working on it AFAIK.

Yea, every once in a blue moon do I need a static IP.. It would be nice to have it available. OTOH I don't think it's odd at all to want the network to come up during the boot sequence.

-derek

--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
[EMAIL PROTECTED] PGP key available
Re: 2 questions...
On Mon, 2005-07-25 at 17:16 -0400, Derek Atkins wrote:
> For a standard WEP key I see no reason to keep it per-user. If you're sharing
> your machine with multiple people you're generally sharing your network, too.

It might not be "my" network. It might be my office versus my girlfriend's bordello (they recently got wireless). Or it might be the WEP key at my friend Joey's house, and Joey is a total jerk about who can access his precious little network.

Plus, if it's per-user, it can easily be encrypted and stored as a secret.

> Besides, once the system is connected to one network it won't change to
> another when you logout, so what's the point of not sharing the configuration?
>
> > FWIW, Mac OS X won't connect via wireless until you log in.
>
> Uhh, I beg to differ. The powerbook I've got right here with me appears to
> connect to my WEP-protected wireless network before the login page shows up.

Aren't the keys stored in the keyring? Maybe it automatically reconnects to the previous network, but if it cannot find that, I seem to recall it was not able to pull in a key for a different access point until you logged in.

Maybe I am wrong, I can check Tiger when I get home.

Robert Love
Re: 2 questions...
On Mon, 2005-07-25 at 16:54 -0400, Derek Atkins wrote:
> Quoting Dan Williams <[EMAIL PROTECTED]>:
>
> > All the wireless keys, preferred network, and which networks you're
> > actually allowed to connect to are stored per-user, as designed, and
> > also as designed, NetworkManager won't attempt to connect to a wireless
> > network without that data since it couldn't possibly know which one to
> > connect to.
>
> no offense intended, but I still disagree with that design choice. It means
> you cannot use NM in a situation where you have wireless network and
> network-based login (e.g. Kerberos/Hesiod, NIS, etc). In the current design
> you have to already be logged in in order to start the wireless network,
> which means you have to have a local account.

If you're using network login, your computer is tied specifically to that network; you can't switch networks, which invalidates a lot of the point of NetworkManager as it is today. For the short term you could just use your OS native wireless networking scripts, hardcode the wireless network and WEP key in /etc/whatever.

Longer term it probably makes sense to have NetworkManager handle these oddball cases (including things such as static IP), but there isn't anyone working on it AFAIK. I think the value that NetworkManager provides in these cases is as an OS-agnostic frontend for querying network status etc. So maybe we should just have a separate NetworkManagerStatic server with its own backends that has plugins for various systems.
Re: 2 questions...
On Mon, 2005-07-25 at 17:14 -0400, Dan Williams wrote:
> Intended. If you wanted a wireless network, why would you have a cable
> plugged in? If you want a wireless network, why are you docked and why
> does the docking station have a cable plugged in?

Say if my Ethernet is broken or on a different network. But ...

> Though in all fairness, we should probably disable the wireless networks
> in the menu when you're plugged in.

... I'd be happy with this. This makes sense. The annoyance is that it's selectable and NM listens, but then instantly reverts back.

Also toward this end: I posted a patch to make the Wired option a radio, not a check box, showing its mutual exclusion with the wireless networks. I did not hear anything. Any objection to checking that sucker in?

Thanks,

Robert Love
Re: 2 questions...
Quoting Robert Love <[EMAIL PROTECTED]>:
> On Mon, 2005-07-25 at 16:54 -0400, Derek Atkins wrote:
>
> > IMNSHO it would be much better to store this information globally so that
> > NM can choose from pre-defined networks before the user is logged in. This
> > certainly works fine for WEP or unprotected networks, and even for
> > shared-key WPA networks. It might not work as well for interactive 802.1x
> > authentication...
>
> I can see an argument for _also_ storing a set of wireless networks
> globally, but the keys and the preferred networks are definitely
> per-user. At first I disliked this decision, too, but it definitely
> makes sense.

For a standard WEP key I see no reason to keep it per-user. If you're sharing your machine with multiple people you're generally sharing your network, too. Besides, once the system is connected to one network it won't change to another when you logout, so what's the point of not sharing the configuration?

> > Even Windows will setup the network before the login process, assuming the
> > wireless network was configured a priori! How could Windows get something
> > right and Linux not?
>
> Are you serious? ;-)

Like a heart attack!

> FWIW, Mac OS X won't connect via wireless until you log in.

Uhh, I beg to differ. The powerbook I've got right here with me appears to connect to my WEP-protected wireless network before the login page shows up.

> Robert Love

-derek

--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
[EMAIL PROTECTED] PGP key available
Re: 2 questions...
On 7/25/05, Robert Love <[EMAIL PROTECTED]> wrote:
> On Mon, 2005-07-25 at 16:54 -0400, Derek Atkins wrote:
>
> > IMNSHO it would be much better to store this information globally so that
> > NM can choose from pre-defined networks before the user is logged in. This
> > certainly works fine for WEP or unprotected networks, and even for
> > shared-key WPA networks. It might not work as well for interactive 802.1x
> > authentication...
>
> I can see an argument for _also_ storing a set of wireless networks
> globally, but the keys and the preferred networks are definitely
> per-user. At first I disliked this decision, too, but it definitely
> makes sense.

is the reasoning behind this decision documented somewhere? I can only find references to it behaving "as designed" and that "it definitely makes sense" to work this way, but can't find why it definitely makes sense.

it seems like this could be a very commonly asked question, and the answer to it is definitely not clear.

Thanks,
-Joe
Re: 2 questions...
On Mon, 2005-07-25 at 17:05 -0400, Robert Love wrote:
> On Mon, 2005-07-25 at 16:57 -0400, Derek Atkins wrote:
>
> > I've had it fail in weird cases sometimes. I've even had it get into a
> > situation where it wouldn't do wired or wireless, and the applet was
> > completely ineffective in doing anything. A reboot cleared that up, but I
> > think there's some sort of order-of-operations issue between NM,
> > NM-applet, hal, and dbus that can get it all into a very weird state.
>
> Tangentially, I have a somewhat similar problem where NM won't let me
> override its decision: if I am on wired and select a wireless network,
> it will switch to the wireless network but moments later switch back to
> wired.

Intended. If you wanted a wireless network, why would you have a cable plugged in? If you want a wireless network, why are you docked and why does the docking station have a cable plugged in?

Though in all fairness, we should probably disable the wireless networks in the menu when you're plugged in.

Dan
Re: 2 questions...
On Mon, 2005-07-25 at 16:54 -0400, Derek Atkins wrote:
> IMNSHO it would be much better to store this information globally so that NM
> can choose from pre-defined networks before the user is logged in. This
> certainly works fine for WEP or unprotected networks, and even for shared-key
> WPA networks. It might not work as well for interactive 802.1x
> authentication...

I can see an argument for _also_ storing a set of wireless networks globally, but the keys and the preferred networks are definitely per-user. At first I disliked this decision, too, but it definitely makes sense.

> Even Windows will setup the network before the login process, assuming the
> wireless network was configured a priori! How could Windows get something
> right and Linux not?

Are you serious? ;-)

FWIW, Mac OS X won't connect via wireless until you log in.

Robert Love
Re: 2 questions...
Quoting Robert Love <[EMAIL PROTECTED]>:
> Tangentially, I have a somewhat similar problem where NM won't let me
> override its decision: if I am on wired and select a wireless network,
> it will switch to the wireless network but moments later switch back to
> wired.

Yea.. I also can't seem to get it to stop scanning, either, even when it's set to "Search Only When Disconnected" or even "Never Search" -- it still scans. I haven't been successful in tracking this one down, yet. :(

> Robert Love

-derek

--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
[EMAIL PROTECTED] PGP key available
Re: 2 questions...
Quoting Dan Williams <[EMAIL PROTECTED]>:
> All the wireless keys, preferred network, and which networks you're
> actually allowed to connect to are stored per-user, as designed, and
> also as designed, NetworkManager won't attempt to connect to a wireless
> network without that data since it couldn't possibly know which one to
> connect to.

no offense intended, but I still disagree with that design choice. It means you cannot use NM in a situation where you have wireless network and network-based login (e.g. Kerberos/Hesiod, NIS, etc). In the current design you have to already be logged in in order to start the wireless network, which means you have to have a local account.

IMNSHO it would be much better to store this information globally so that NM can choose from pre-defined networks before the user is logged in. This certainly works fine for WEP or unprotected networks, and even for shared-key WPA networks. It might not work as well for interactive 802.1x authentication...

Even Windows will setup the network before the login process, assuming the wireless network was configured a priori! How could Windows get something right and Linux not?

> Dan

-derek

--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
[EMAIL PROTECTED] PGP key available
Re: 2 questions...
On Mon, 2005-07-25 at 16:57 -0400, Derek Atkins wrote:
> I've had it fail in weird cases sometimes. I've even had it get into a
> situation where it wouldn't do wired or wireless, and the applet was
> completely ineffective in doing anything. A reboot cleared that up, but I
> think there's some sort of order-of-operations issue between NM, NM-applet,
> hal, and dbus that can get it all into a very weird state.

Tangentially, I have a somewhat similar problem where NM won't let me override its decision: if I am on wired and select a wireless network, it will switch to the wireless network but moments later switch back to wired.

Robert Love
Re: 2 questions...
Quoting Robert Love <[EMAIL PROTECTED]>:
> On Mon, 2005-07-25 at 16:45 -0400, Dan Williams wrote:
>
> > Yeah, I wasn't sure about it. I just tested it though, and it worked
> > for me. The only thing that would make NM _not_ do it is if it doesn't
> > know that your wired interface is up, I think? Feel free to investigate
> > if you like. As I see it, the code doesn't prohibit wired interfaces
> > from coming up when NM starts.
>
> It has worked for me lately, but has not worked in the past, which is
> why I asked. If it works now, I am happy--I definitely think that NM
> should try to find an active wired connection without the applet.

I've had it fail in weird cases sometimes. I've even had it get into a situation where it wouldn't do wired or wireless, and the applet was completely ineffective in doing anything. A reboot cleared that up, but I think there's some sort of order-of-operations issue between NM, NM-applet, hal, and dbus that can get it all into a very weird state.

> Robert Love

-derek

--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
[EMAIL PROTECTED] PGP key available
Re: 2 questions...
On Mon, 2005-07-25 at 16:45 -0400, Dan Williams wrote:
> Yeah, I wasn't sure about it. I just tested it though, and it worked
> for me. The only thing that would make NM _not_ do it is if it doesn't
> know that your wired interface is up, I think? Feel free to investigate
> if you like. As I see it, the code doesn't prohibit wired interfaces
> from coming up when NM starts.

It has worked for me lately, but has not worked in the past, which is why I asked. If it works now, I am happy--I definitely think that NM should try to find an active wired connection without the applet.

Robert Love
Re: 2 questions...
On Mon, 2005-07-25 at 15:35 -0500, Steev wrote:
> Joris Vuffray wrote:
> > I just want to have NetworkManager initiate the connection b4 I login in
> > gdm.
> >
> > I have vpnc installed and the two nm-vpnc-service* installed
> > in /usr/bin. ("Disconnect VPN..." is not highlighted).
> > It should be a bug on Gentoo. I wonder if someone got it running on this
> > distro...
> >
> > Rgds,
> > Joris
>
> This is most likely a Gentoo issue. I have a patch or 2 waiting till
> after the first patch I sent gets applied (one removes the nscd
> invalidate host cache.) I haven't looked too far into the vpn section
> with Gentoo as it seems that vpnc is geared more towards having a Cisco
> 3000 or something along those lines (this is what I was told by a friend
> who uses vpn's at work) - Is there going to be support for OpenVPN, or
> is it in there, and I am just missing it and need to apply another patch
> to the Gentoo backend?

vpnc works exclusively with Cisco products, yes (I'm fairly sure). However, the VPN support in NM is built with more than 1 VPN client in mind, and somebody said they were looking at OpenVPN support as well. The intention is to have anybody write a VPN connector that hooks into NetworkManager.

Dan
Re: 2 questions...
On Mon, 2005-07-25 at 16:36 -0400, Robert Love wrote:
> On Mon, 2005-07-25 at 16:32 -0400, Dan Williams wrote:
>
> > This isn't something we really support right now, since
> > nm-applet/NetworkManagerInfo aren't running before you log in, therefore
> > NetworkManager cannot know stored preferences and other per-user config
> > information. If you have an Ethernet cable plugged in, NM will most
> > likely attempt to use the wired connection. But if you want the
> > wireless connection up before you log in, that's not going to happen.
>
> I've noticed that NM does not always up my Ethernet and here you write
> "most likely" -- is this a known bug? Something I can fix?

Yeah, I wasn't sure about it. I just tested it though, and it worked for me. The only thing that would make NM _not_ do it is if it doesn't know that your wired interface is up, I think? Feel free to investigate if you like. As I see it, the code doesn't prohibit wired interfaces from coming up when NM starts.

Dan
Re: 2 questions...
On Mon, 2005-07-25 at 16:32 -0400, Dan Williams wrote:
> This isn't something we really support right now, since
> nm-applet/NetworkManagerInfo aren't running before you log in, therefore
> NetworkManager cannot know stored preferences and other per-user config
> information. If you have an Ethernet cable plugged in, NM will most
> likely attempt to use the wired connection. But if you want the
> wireless connection up before you log in, that's not going to happen.

I've noticed that NM does not always up my Ethernet and here you write "most likely" -- is this a known bug? Something I can fix?

Robert Love
Re: 2 questions...
Joris Vuffray wrote:
> I just want to have NetworkManager initiate the connection b4 I login in
> gdm.
>
> I have vpnc installed and the two nm-vpnc-service* installed
> in /usr/bin. ("Disconnect VPN..." is not highlighted).
> It should be a bug on Gentoo. I wonder if someone got it running on this
> distro...
>
> Rgds,
> Joris

This is most likely a Gentoo issue. I have a patch or 2 waiting till after the first patch I sent gets applied (one removes the nscd invalidate host cache.) I haven't looked too far into the vpn section with Gentoo as it seems that vpnc is geared more towards having a Cisco 3000 or something along those lines (this is what I was told by a friend who uses vpn's at work) - Is there going to be support for OpenVPN, or is it in there, and I am just missing it and need to apply another patch to the Gentoo backend?
Re: 2 questions...
On Mon, 2005-07-25 at 22:13 +0200, Joris Vuffray wrote:
> On Mon, 2005-07-25 at 16:01 -0400, Dan Williams wrote:
> > On Mon, 2005-07-25 at 21:59 +0200, Joris Vuffray wrote:
> > > Nobody?
> > >
> > > Rgds,
> > > Joris
> > >
> > > Forwarded Message
> > > > From: Joris Vuffray <[EMAIL PROTECTED]>
> > > > Reply-To: [EMAIL PROTECTED]
> > > > To: networkmanager-list@gnome.org
> > > > Subject: 2 questions...
> > > > Date: Sat, 16 Jul 2005 15:39:03 +0200
> > > >
> > > > 1.) Is there a possibility to make networkmanager connect from
> > > > command-line?
> >
> > dbus-send ? What are you trying to do here that requires controlling
> > from the command line?
>
> I just want to have NetworkManager initiate the connection b4 I login in
> gdm.

This isn't something we really support right now, since nm-applet/NetworkManagerInfo aren't running before you log in, therefore NetworkManager cannot know stored preferences and other per-user config information. If you have an Ethernet cable plugged in, NM will most likely attempt to use the wired connection. But if you want the wireless connection up before you log in, that's not going to happen.

All the wireless keys, preferred network, and which networks you're actually allowed to connect to are stored per-user, as designed, and also as designed, NetworkManager won't attempt to connect to a wireless network without that data since it couldn't possibly know which one to connect to.

Dan
Re: 2 questions...
On Mon, 2005-07-25 at 16:01 -0400, Dan Williams wrote:
> On Mon, 2005-07-25 at 21:59 +0200, Joris Vuffray wrote:
> > Nobody?
> >
> > Rgds,
> > Joris
> >
> > Forwarded Message
> > > From: Joris Vuffray <[EMAIL PROTECTED]>
> > > Reply-To: [EMAIL PROTECTED]
> > > To: networkmanager-list@gnome.org
> > > Subject: 2 questions...
> > > Date: Sat, 16 Jul 2005 15:39:03 +0200
> > >
> > > 1.) Is there a possibility to make networkmanager connect from
> > > command-line?
>
> dbus-send ? What are you trying to do here that requires controlling
> from the command line?

I just want to have NetworkManager initiate the connection b4 I login in gdm.

> > > 2.) My nm-applet only show "Disconnect VPN..." in the "VPN Connections"
> > > menu. Is there something special to configure to create a new VPN
> > > connection?
>
> If you install the VPN connection utilities, then you should get a
> "Configure VPN Connections" item in that menu. Ideally, we wouldn't
> even show Disconnect VPN... unless you had some VPNs, that's a bug.

I have vpnc installed and the two nm-vpnc-service* installed in /usr/bin. ("Disconnect VPN..." is not highlighted). It should be a bug on Gentoo. I wonder if someone got it running on this distro...

Rgds,
Joris

--
Joris Vuffray <[EMAIL PROTECTED]>
Re: 2 questions...
On Mon, 2005-07-25 at 21:59 +0200, Joris Vuffray wrote:
> Nobody?
>
> Rgds,
> Joris
>
> Forwarded Message
> > From: Joris Vuffray <[EMAIL PROTECTED]>
> > Reply-To: [EMAIL PROTECTED]
> > To: networkmanager-list@gnome.org
> > Subject: 2 questions...
> > Date: Sat, 16 Jul 2005 15:39:03 +0200
> >
> > 1.) Is there a possibility to make networkmanager connect from
> > command-line?

dbus-send ? What are you trying to do here that requires controlling from the command line?

> > 2.) My nm-applet only show "Disconnect VPN..." in the "VPN Connections"
> > menu. Is there something special to configure to create a new VPN
> > connection?

If you install the VPN connection utilities, then you should get a "Configure VPN Connections" item in that menu. Ideally, we wouldn't even show Disconnect VPN... unless you had some VPNs, that's a bug.
Re: 2 questions...
Nobody?

Rgds,
Joris

Forwarded Message
> From: Joris Vuffray <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: networkmanager-list@gnome.org
> Subject: 2 questions...
> Date: Sat, 16 Jul 2005 15:39:03 +0200
>
> 1.) Is there a possibility to make networkmanager connect from
> command-line?
>
> 2.) My nm-applet only show "Disconnect VPN..." in the "VPN Connections"
> menu. Is there something special to configure to create a new VPN
> connection?
>
> Regards,
> Joris

--
Joris Vuffray <[EMAIL PROTECTED]>