Fedora Core 4 Test Update: NetworkManager-0.5.1-1.FC4.1

David Woodhouse dwmw2 at infradead.org
Tue Jan 10 03:40:33 UTC 2006


On Mon, 2006-01-09 at 13:27 -0500, Alan Cox wrote:
> On Mon, Jan 09, 2006 at 04:16:08PM +0000, David Woodhouse wrote:
> > That doesn't really make much sense in the Linux world -- if the network
> > is configured and running then all users on the machine _have_ got
> > access to it. I think there are some iptables hacks around to
> 
> The administration may see that differently to the physical topology. We
> do actually enforce user level management for some network protocols, notably
> AX.25, where the authorization to use the radio generally is tied to a user
> and multiple users effectively appear as different "addresses"

I'm sure we'll bear that in mind when NetworkManager starts to support
AX.25.

> There are cases of systems where it is meaningful to deal with authentication
> and control of interfaces at a user level. Different users having different
> WEP keys is one possible case but more common are things like end users'
> Bluetooth connections not being made available to remote users sharing the
> system.
> 
> > WEP keys set up a system-wide resource which _any_ user of the system
> > can then utilise. Networks _aren't_ a per-user resource in practice, and
> 
> See example above. They can be. It isn't perhaps the most common situation
> but it is a very real one and I've dealt with people who actively wanted to
> route some users via different networks or deny them some access and for good
> reasons.

I agree that it's possible, although relatively rare and fairly naïve in
the case of IP networks, for network connections to be considered
'per-user', and hence for WEP keys or WPA certificates to be considered
such too. I have no objection to NetworkManager attempting to
accommodate this strange view of the world in _addition_ to the normal
setup.

What I object to is the fact that it no longer supports the _normal_
form of operation, where the network is a system-wide resource, set up
automatically at boot time. I have to actually log in and enter a
password now in order for my machine to connect to the network, and
that's a serious regression.

-- 
dwmw2




More information about the fedora-test-list mailing list