Re: Query on setting ca-path and ca-cert with dbus for 802.1x

2012-03-20 Thread Ludwig Nussel
ing the CA alone you are still prone to MITM (CVE-2006-7246). cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) ___ networkmanag

Re: [PATCH] firewall-manager: allow dhcpv6-client service

2012-03-07 Thread Ludwig Nussel
Jiri Popelka wrote: > On 03/07/2012 10:26 AM, Ludwig Nussel wrote: >> Jiri Popelka wrote: >>> Tell firewall to allow dhcpv6-client service for the given zone prior >>> to starting dhcpv6 client. We don't need to wait for the response >> That looks odd to m

Re: [PATCH] firewall-manager: allow dhcpv6-client service

2012-03-07 Thread Ludwig Nussel
Jiri Popelka wrote: > Tell firewall to allow dhcpv6-client service for the given zone prior > to starting dhcpv6 client. We don't need to wait for the response That looks odd to me. Why doesn't the zone config already allow dhcpv6 by default? cu Ludwig -- (o_ Ludwig Nussel

Re: NM 0.9 asks for PK auth without need

2011-10-12 Thread Ludwig Nussel
lege automatically authorizes another. That could be of help here. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) ___ net

Re: [PATCH] remove AP always on device disconnect

2011-10-12 Thread Ludwig Nussel
Dan Williams wrote: > On Tue, 2011-10-11 at 16:51 +0200, Ludwig Nussel wrote: >> Dan Williams wrote: >>> On Fri, 2011-10-07 at 15:21 +0200, Ludwig Nussel wrote: >>>> This avoids immediate reconnect after link timeout to an AP that may no >>>> longer e

Re: NM 0.9 asks for PK auth without need

2011-10-11 Thread Ludwig Nussel
Dan Williams wrote: > On Tue, 2011-10-11 at 16:23 +0200, Ludwig Nussel wrote: >> [...] >> 1. user clicks on ESSID he wants to connect to >> 2. nm-applet shows the new connection edit dialog and posts results to NM >> 3. NM asks PK for auth >> 4. NM creates the n

Re: [PATCH] remove AP always on device disconnect

2011-10-11 Thread Ludwig Nussel
Dan Williams wrote: > On Fri, 2011-10-07 at 15:21 +0200, Ludwig Nussel wrote: >> This avoids immediate reconnect after link timeout to an AP that may no >> longer exist (down/out of range). This also avoids needless prompting for a >> password for the no longer existing AP.

Re: NM 0.9 asks for PK auth without need

2011-10-11 Thread Ludwig Nussel
Dan Williams wrote: > On Fri, 2011-10-07 at 15:43 +0200, Ludwig Nussel wrote: > > Ludwig Nussel wrote: > > > 802.11x connections that are configured to always prompt for the > > > password also always require polkit authentication (bgo#646187). > > So the PK

Re: NM 0.9 asks for PK auth without need

2011-10-07 Thread Ludwig Nussel
Ludwig Nussel wrote: > 802.11x connections that are configured to always prompt for the > password also always require polkit authentication (bgo#646187). Here's a potentially embarrassing patch to fix or rather work around the issue. Improvements welcome, I don't really know

[PATCH] remove AP always on device disconnect

2011-10-07 Thread Ludwig Nussel
This avoids immediate reconnect after link timeout to an AP that may no longer exist (down/out of range). This also avoids needless prompting for a password for the no longer existing AP. --- src/nm-device-wifi.c | 12 +++- 1 files changed, 3 insertions(+), 9 deletions(-) diff --git a

[PATCH] glib 2.30.0 doesn't have g_value_get_schar yet

2011-10-07 Thread Ludwig Nussel
--- libnm-util/nm-param-spec-specialized.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/libnm-util/nm-param-spec-specialized.c b/libnm-util/nm-param-spec-specialized.c index f0ca1d9..7496cb6 100644 --- a/libnm-util/nm-param-spec-specialized.c +++ b/libnm-util/nm-param

[PATCH] fix stop condition of while loop

2011-10-07 Thread Ludwig Nussel
--- src/supplicant-manager/nm-supplicant-manager.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/supplicant-manager/nm-supplicant-manager.c b/src/supplicant-manager/nm-supplicant-manager.c index 0e9fc20..349f722 100644 --- a/src/supplicant-manager/nm-supplicant-man

NM 0.9 asks for PK auth without need

2011-09-27 Thread Ludwig Nussel
r 802.1x it would make sense to also not store the user name globally. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) From b2a51325d95ad89bea62bed5cce63c1290a2f92d Mon Sep 17

Re: [PATCH 0/4] Network Zones support

2011-08-01 Thread Ludwig Nussel
iptables for address configuration so the core DHCP feature should be fine. If the DHCP client or some hook script performs e.g. DNS lookups working connection tracking might be needed though. As long as the firewall always has a fallback rule that allows such kind of traffic for unassigned interfac

Re: [PATCH 0/4] Network Zones support

2011-07-27 Thread Ludwig Nussel
if the firewall resets the interface rules to a restrictive set on connection termination. Btw, how does NM or rather nm-applet know what zone names are valid? I suppose there needs to be dbus service that returns a list of zones (with translations, descriptions, icons, ...), right? cu Ludwig

Re: ANN: Release of NetworkManager 0.8.996 (0.9.0-beta2)

2011-03-14 Thread Ludwig Nussel
to argue that keeping a WiFi > passphrase in the user session is worthwhile in most cases... > > Thoughts? Make it so! :-) cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Mark

Re: ANN: Release of NetworkManager 0.8.996 (0.9.0-beta2)

2011-03-14 Thread Ludwig Nussel
as? What should the defaults be? Require authorization for anything unusual. I know no one who needs to modify connections all the time. On the contrary, users starting to mess with network settings that worked before usually indicates an error condition. cu Ludwig -- (o_ Ludwig Nussel //

Re: location based firewall

2011-03-08 Thread Ludwig Nussel
-zone-switcher-updated/ http://www.gitorious.org/opensuse/fwzs What's missing is to listen for NM dbus events to automatically switch zones. Last time I checked it wasn't straightforward (at least to me for an afternoon hack) to get the necessary information from NM. cu Ludwig -- (o_

Re: Removing user settings services

2010-06-22 Thread Ludwig Nussel
session? Terminating a connection on log out makes sense if it's charged per time at least, like plain old modem connections. That avoids having to accidentally pay for the connection while no one actually uses the computer. cu Ludwig -- (o_ Ludwig Nussel //

Re: X session and hostname changing policy

2010-06-22 Thread Ludwig Nussel
Dan Williams wrote: > On Tue, 2010-06-22 at 09:14 +0200, Ludwig Nussel wrote: > > Dan Williams wrote: > > > On Mon, 2010-06-14 at 23:16 +0300, Fırat Birlik wrote: > > > > I experience a problem with hostname manipulation of NetworkManager > > > > and th

Re: X session and hostname changing policy

2010-06-22 Thread Ludwig Nussel
exist) no new application can be started > > afterwards. > > The solution is *not* to use hostname for local X authentication at all. Even if that problem didn't exist... What's the benefit of allowing a DHCP server in a foreign network to modify the hostname by default anyways?

Re: UI for dealing with certs appears insecure

2010-06-07 Thread Ludwig Nussel
l_Twin_problem_with_WPA2-Enterprise_v1.1.pdf cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) ___ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list

Re: [RFC] Fast-user-switching plans

2010-05-27 Thread Ludwig Nussel
José Queiroz wrote: > 2010/5/21 Ludwig Nussel : > > Daniel Gnoutcheff wrote: > >> I've been spending some time thinking about how to get N-M to work with > >> fast-user-switching. Here are some possible solutions that I have heard of > >>

Re: [RFC] Fast-user-switching plans

2010-05-21 Thread Ludwig Nussel
e user that tries to start a connection) if storing them in plain text globally isn't desired. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) ___ networkmanager-list

Re: The state of firewall management...

2009-07-15 Thread Ludwig Nussel
SuSEfirewall2 you configure zones and then associate interfaces to zones): http://lizards.opensuse.org/2009/07/10/1453/ Ideally it shouldn't need a separate tray icon of course. That could be achieved by NM storing the zone for a network itself, ie your 'security level' tag. Another opt