http://bugzilla.opensuse.org/show_bug.cgi?id=934261 Andreas Stieger changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |astieger@suse.com Severity|Normal |Enhancement --- Comment #1 from Andreas Stieger --- I consider the bug not valid as filed: The PSK is not encoded, it is simply stored. If it was, it would simply be an obfuscation. Privilege separation between root and regular users is possible, alas you are running the tool as root. If you are referring to secure password storage (which then requires another password) using KWallet or GNOME Keyring, I believe NetworkManager has support for it, wicked (in 13.2) not. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=934261 --- Comment #3 from Greg Freemyer --- That makes sense. System WLAN setups require a root accessible password without a master key. User-level WLANs should be protected via a wallet or key-ring. The bug, if there is one, in my setup is that when I upgraded from openSUSE 13.1 to openSUSE 13.2 I believe I lost the ability to have a system WLAN, but my password remains in /etc/NetworkManager/system-connections/<SSID> At least for me that is something I can (and will) address manually. Therefore making this a feature request for Wicked is fine with me. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=934261 Pawel Wieczorkiewicz changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pwieczorkiewicz@suse.com --- Comment #5 from Pawel Wieczorkiewicz --- (In reply to Bernhard Wiedemann from comment #4)

Does wicked even have user-WLANs that would need protection? Otherwise, this could be closed as INVALID.

Wireless password are generally protected at wickedd daemon. See the PR: https://github.com/openSUSE/wicked/pull/225. However, when wickedd-nanny is used, the passwords kept there (either in the config XML structure of workers config node, policy XML structure on registered policy list) could be definitely protected better. Further the logging mechanism of nanny could be checked to avoid dumping full configs/policies into logs. This bug could be used to track this work. However currently there is no user configuration allowed at the wicked. And user access is restricted directly from the dbus policy config files and wicked USERCONTROL= variable check as well. When this is changed we will add support for some existing secret vault like mentioned above. -- You are receiving this mail because: You are on the CC list for the bug.