[Bug 477970] New: EAP TLS KNetworkManager doesn't work
https://bugzilla.novell.com/show_bug.cgi?id=477970 Summary: EAP TLS KNetworkManager doesn't work Classification: openSUSE Product: openSUSE 11.1 Version: Final Platform: i386 OS/Version: openSUSE 11.1 Status: NEW Severity: Normal Priority: P5 - None Component: Network AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: ben.kevan@gmail.com QAContact: qa@suse.de Found By: --- User-Agent: Opera/10.00 (X11; Linux i686 ; U; en) Presto/2.2.0 When trying to setup EAP TLS with KNetworkManager on openSUSE 11.1 running KDE 3.5.10 and NetworkManager: rpm -qa | grep -i networkmanager NetworkManager-0.7.0.r4323-2.1 NetworkManager-glib-0.7.0.r4323-2.1 NetworkManager-kde-0.7r848570-34.1 it doesn't seem to hold the certificate config, and I don't ever see anything getting setup in wpa_supplement.conf (not sure if it's supposed to set up wpa_supplement or a different conf, but I do know it doesn't work.. Reproducible: Always Steps to Reproduce: 1. Setup EAP TLS Using WPA Enterprise with KNetworkmanager 2.Try to connect (it never tries, since I believe the certificate isn't attached) 3. Weep Actual Results: No connection at all (doesn't even try to attach to the configured connection Expected Results: Wireless connectivity with my certificates and browsing the internet using awesome EAP-TLS Hope this works soon -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=477970 Marcus Meissner <meissner@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |security-team@suse.de AssignedTo|bnc-team-screening@forge.pr |hschaa@novell.com |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=477970 User hschaa@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=477970#c1 Helmut Schaa <hschaa@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |hschaa@novell.com Component|Network |Network AssignedTo|hschaa@novell.com |bnc-team-screening@forge.pr | |ovo.novell.com Product|openSUSE 11.1 |openSUSE 11.2 --- Comment #1 from Helmut Schaa <hschaa@novell.com> 2009-03-03 04:10:35 MST --- Unfortunately, that's right. However I don't think we can fix this for KNM3 in 11.1 anymore. I hope we can get EAP-TLS support into KNM4 for 11.2. Moving to 11.2. Reassigning to Will. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=477970 User ben.kevan@gmail.com added comment https://bugzilla.novell.com/show_bug.cgi?id=477970#c2 --- Comment #2 from Ben Kevan <ben.kevan@gmail.com> 2009-03-03 10:04:35 MST --- What's the functional reason it will not work? Also, is there ANY way this will actually make it into SLED 11 (SLED11 is based on openSUSE 11.1). This is a very important feature for us in the enterprise as we require TLS-EAP AUTH for our internal wireless networks. Thank you -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=477970 User hschaa@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=477970#c3 Helmut Schaa <hschaa@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |zoz@novell.com --- Comment #3 from Helmut Schaa <hschaa@novell.com> 2009-03-03 10:17:52 MST --- (In reply to comment #2)
What's the functional reason it will not work?
With the introduction of NM 0.7 the frontend (KNM) is responsible to decrypt the private key certificate and pass the decrypted cert to NM. And this is simply not implemented in KNM (3 and 4) :(
Also, is there ANY way this will actually make it into SLED 11
SLED11 currently uses the same KNM3 as 11.1 and KNM4 does not implement EAP-TLS either. The only option to get EAP-TLS support with SLED11/11.1 is currently nm-applet or yast + ifup. Sorry. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=477970 User novell@moonlightdesign.org added comment https://bugzilla.novell.com/show_bug.cgi?id=477970#c4 --- Comment #4 from Steven Lawrance <novell@moonlightdesign.org> 2009-03-03 11:17:56 MST --- nm-applet appears to be the way to go in openSUSE 11.1, and it actually lists the available networks when you click on it, too. KNetworkManager 3 appears to only list trusted networks, decreasing its usability somewhat, though arguably increasing security. I actually prefer KNetworkManager 3's approach by listing only trusted networks, and now that my HP laptop is now fully functional in 11.1, including suspend to disk and RAM, I might spend some time to get this added into KNetworkManager 3. I can't make any promises, though it is an itch to scratch for me. Knowing OpenSSL pretty well should also help with getting private key decryption added, though I personally don't have my private key encrypted with a passphrase, so unencrypted keys will personally be my highest priority. Again, I can't make any promises, though I'll post more if I am successful with that and have a patch. I might just end up getting nm-applet working on my system and abandon KNetworkManager 3 in 11.1... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=477970 User ben.kevan@gmail.com added comment https://bugzilla.novell.com/show_bug.cgi?id=477970#c5 --- Comment #5 from Ben Kevan <ben.kevan@gmail.com> 2009-03-04 12:59:37 MST --- Steven, That would be awesome.. glad to hear you make that promise (just kidding).. I may do the same thing (dump knetworkmanager and go nm-applet).. but I like knetworkmanager a whole lot better. Let me know what route you're going to go.. Thanks -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=477970 Helmut Schaa <hschaa@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com