On Mon, 2006-01-09 at 13:27 -0500, Alan Cox wrote:
On Mon, Jan 09, 2006 at 04:16:08PM +0000, David Woodhouse wrote:
> That doesn't really make much sense in the Linux world -- if the network
> is configured and running then all users on the machine _have_ got
> access to the it. I think there are some iptables hacks around to
The administration may see that differently to the physical topology. We
do actually enforce user level management for some network protocols notably
AX.25 where the authorization to use the radio generally is tied to a user
and multiple users effectively appear as different "addresses"
I'm sure we'll bear that in mind when NetworkManager starts to support
AX.25.
There are cases of systems where it is meaningful to deal with
authentication
and control of interfaces at a user level. Different users having different
WEP keys is one possible case but more common are things like end users
bluetooth connections not being made available to remote users sharing the
system.
> WEP keys set up a system-wide resource which _any_ user of the system
> can then utilise. Networks _aren't_ a per-user resource in practice, and
See example above. They can be. It isnt perhaps the most common situation
but it is a very real one and I've dealt with people who actively wanted to
route some users via different networks or deny them some access and for good
reasons.
I agree that it's possible, although relatively rare and fairly naïve in
the case of IP networks, for network connections to be considered
'per-user', and hence for WEP keys or WPA certificates to be considered
such too. I have no objection to NetworkManager attempting to
accommodate this strange view of the world in _addition_ to the normal
setup.
What I object to is the fact that it no longer supports the _normal_
form of operation, where the network is a system-wide resource, set up
automatically at boot time. I have to actually log in and enter a
password now in order for my machine to connect to the network, and
that's a serious regression.
--
dwmw2