ing the CA alone
you are still prone to MITM (CVE-2006-7246).
cu
Ludwig
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB
16746 (AG Nürnberg)
___
networkmanag
Jiri Popelka wrote:
> On 03/07/2012 10:26 AM, Ludwig Nussel wrote:
>> Jiri Popelka wrote:
>>> Tell firewall to allow dhcpv6-client service for the given zone prior
>>> to starting dhcpv6 client. We don't need to wait for the response
>> That looks odd to m
Jiri Popelka wrote:
> Tell firewall to allow dhcpv6-client service for the given zone prior
> to starting dhcpv6 client. We don't need to wait for the response
That looks odd to me. Why doesn't the zone config already allow dhcpv6
by default?
cu
Ludwig
--
(o_ Ludwig Nussel
lege
automatically authorizes another. That could be of help here.
cu
Ludwig
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB
16746 (AG Nürnberg)
___
net
Dan Williams wrote:
> On Tue, 2011-10-11 at 16:51 +0200, Ludwig Nussel wrote:
>> Dan Williams wrote:
>>> On Fri, 2011-10-07 at 15:21 +0200, Ludwig Nussel wrote:
>>>> This avoids immediate reconnect after link timeout to an AP that may no
>>>> longer e
Dan Williams wrote:
> On Tue, 2011-10-11 at 16:23 +0200, Ludwig Nussel wrote:
>> [...]
>> 1. user clicks on ESSID he wants to connect to
>> 2. nm-applet shows the new connection edit dialog and posts results to NM
>> 3. NM asks PK for auth
>> 4. NM creates the n
Dan Williams wrote:
> On Fri, 2011-10-07 at 15:21 +0200, Ludwig Nussel wrote:
>> This avoids immediate reconnect after link timeout to an AP that may no
>> longer exist (down/out of range). This also avoids needless prompting for a
>> password for the no longer existing AP.
Dan Williams wrote:
> On Fri, 2011-10-07 at 15:43 +0200, Ludwig Nussel wrote:
> > Ludwig Nussel wrote:
> > > 802.11x connections that are configured to always prompt for the
> > > password also always require polkit authentication (bgo#646187).
>
> So the PK
Ludwig Nussel wrote:
> 802.11x connections that are configured to always prompt for the
> password also always require polkit authentication (bgo#646187).
Here's a potentially embarrassing patch to fix or rather work around
the issue. Improvements welcome, I don't really know
This avoids immediate reconnect after link timeout to an AP that may no longer
exist (down/out of range). This also avoids needless prompting for a password
for the no longer existing AP.
---
src/nm-device-wifi.c | 12 +++-
1 files changed, 3 insertions(+), 9 deletions(-)
diff --git a
---
libnm-util/nm-param-spec-specialized.c |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/libnm-util/nm-param-spec-specialized.c
b/libnm-util/nm-param-spec-specialized.c
index f0ca1d9..7496cb6 100644
--- a/libnm-util/nm-param-spec-specialized.c
+++ b/libnm-util/nm-param
---
src/supplicant-manager/nm-supplicant-manager.c |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/supplicant-manager/nm-supplicant-manager.c
b/src/supplicant-manager/nm-supplicant-manager.c
index 0e9fc20..349f722 100644
--- a/src/supplicant-manager/nm-supplicant-man
r 802.1x it would make sense to also not store the user name
globally.
cu
Ludwig
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB
16746 (AG Nürnberg)
>From b2a51325d95ad89bea62bed5cce63c1290a2f92d Mon Sep 17
iptables for address configuration so the core
DHCP feature should be fine. If the DHCP client or some hook script
performs e.g. DNS lookups working connection tracking might be needed
though. As long as the firewall always has a fallback rule that
allows such kind of traffic for unassigned interfac
if the firewall resets the interface
rules to a restrictive set on connection termination.
Btw, how does NM or rather nm-applet know what zone names are valid?
I suppose there needs to be dbus service that returns a list of zones
(with translations, descriptions, icons, ...), right?
cu
Ludwig
to argue that keeping a WiFi
> passphrase in the user session is worthwhile in most cases...
>
> Thoughts?
Make it so! :-)
cu
Ludwig
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Mark
as? What should the defaults be?
Require authorization for anything unusual. I know noone who needs
to modify connections all the time. On the contrary, users starting
to mess with network settings that worked before usually indicates
an error condition.
cu
Ludwig
--
(o_ Ludwig Nussel
//
-zone-switcher-updated/
http://www.gitorious.org/opensuse/fwzs
What's missing is to listen for NM dbus events to automatically
switch zones. Last time I checked it wasn't straight forward (at
least to me for an afternoon hack) to get the necessary information
from NM.
cu
Ludwig
--
(o_
session?
Terminating a connection on log out makes sense if it's charged per
time at least, like plain old modem connections. That avoids having
to accidentally pay for the connection while noone actually uses the
computer.
cu
Ludwig
--
(o_ Ludwig Nussel
//
Dan Williams wrote:
> On Tue, 2010-06-22 at 09:14 +0200, Ludwig Nussel wrote:
> > Dan Williams wrote:
> > > On Mon, 2010-06-14 at 23:16 +0300, Fırat Birlik wrote:
> > > > I experience a problem with hostname manipulation of NetworkManager
> > > > and th
exist) no new application can be started
> > afterwards.
>
> The solution is *not* to use hostname for local X authentication at all.
Even if that problem didn't exist... What's the benefit of allowing
a DHCP server in a foreign network to modify the hostname by default
anyways?
l_Twin_problem_with_WPA2-Enterprise_v1.1.pdf
cu
Ludwig
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
___
networkmanager-list mailing list
networkmanager-list@gnome.org
http://mail.gnome.org/mailman/listinfo/networkmanager-list
José Queiroz wrote:
> 2010/5/21 Ludwig Nussel :
> > Daniel Gnoutcheff wrote:
> >> I've been spending some time thinking about how to get N-M to work with
> >> fast-user-switching. Here are some possible solutions that I have heard of
> >>
e user that tries to start a connection) if
storing them in plain text globally isn't desired.
cu
Ludwig
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
___
networkmanager-list
SuSEfirewall2 you
configure zones and then associate interfaces to zones):
http://lizards.opensuse.org/2009/07/10/1453/
Ideally it should't need a separate tray icon of course. That could
be achieved by NM storing the zone for a network itself, ie your
'security level' tag. Another opt
25 matches
Mail list logo