On Mon, 2006-01-09 at 13:27 -0500, Alan Cox wrote:
> On Mon, Jan 09, 2006 at 04:16:08PM +0000, David Woodhouse wrote:
> > That doesn't really make much sense in the Linux world -- if the network is configured and running then all users on the machine _have_ got access to it. I think there are some iptables hacks around to
> The administration may see that differently to the physical topology. We do actually enforce user level management for some network protocols, notably AX.25, where the authorization to use the radio generally is tied to a user and multiple users effectively appear as different "addresses".

I'm sure we'll bear that in mind when NetworkManager starts to support AX.25.

> There are cases of systems where it is meaningful to deal with authentication and control of interfaces at a user level. Different users having different WEP keys is one possible case but more common are things like end users' Bluetooth connections not being made available to remote users sharing the system.
> > WEP keys set up a system-wide resource which _any_ user of the system can then utilise. Networks _aren't_ a per-user resource in practice, and
> See example above. They can be. It isn't perhaps the most common situation but it is a very real one and I've dealt with people who actively wanted to route some users via different networks or deny them some access and for good reasons.

I agree that it's possible, although relatively rare and fairly naïve in the case of IP networks, for network connections to be considered 'per-user', and hence for WEP keys or WPA certificates to be considered such too. I have no objection to NetworkManager attempting to accommodate this strange view of the world in _addition_ to the normal setup.
What I object to is the fact that it no longer supports the _normal_ form of operation, where the network is a system-wide resource, set up automatically at boot time. I have to actually log in and enter a password now in order for my machine to connect to the network, and that's a serious regression.