Feature changed by: Holger Dyroff <hd@novell.com> Feature #305356, revision 4 Title: 802.1x authentication on wired network using YaST via wpa_supplicant openSUSE-11.2: New Priority Requester: Desirable Requested by: Marius Tomaschewski <mt@novell.com> Partner organization: openSUSE.org Description: Some networks using 802.1x authentication on metallic Ethernet and I think it would be cool have a possibility, handle this connection type using YaST. The major problem to support this is that the wpa_supplicant is in /usr/sbin; it seems also to be difficult to move it to /sbin because of all the libs the wpa_supplicant is using. What would be required, is to extent the "supported_on_localfs" function to check this and start the interface in remotefs flow when 802.1x is enabled. That is, using remotefs on 802.1x authenticated interfaces would be not possible -- same as with NetworkManager. + Discussion: + #2: Holger Dyroff <hd@novell.com> (2008-11-04 09:16:58) + Is this related/duplicate to 305353 or something else? -- openSUSE Feature: https://features.opensuse.org/?rm=feature_show&id=305356

Feature changed by: Sebastian Rösgen (palimpseste) Feature #305356, revision 8 Title: 802.1x authentication on wired network using YaST via wpa_supplicant openSUSE-11.2: New Priority Requester: Desirable Requested by: Marius Tomaschewski (mtomaschewski) + Interested: Sebastian Rösgen (palimpseste) Interested: Stefan Behlert (sbehlert) Partner organization: openSUSE.org Description: Some networks using 802.1x authentication on metallic Ethernet and I think it would be cool have a possibility, handle this connection type using YaST. The major problem to support this is that the wpa_supplicant is in /usr/sbin; it seems also to be difficult to move it to /sbin because of all the libs the wpa_supplicant is using. What would be required, is to extent the "supported_on_localfs" function to check this and start the interface in remotefs flow when 802.1x is enabled. That is, using remotefs on 802.1x authenticated interfaces would be not possible -- same as with NetworkManager. Relations: - 802.1x authentication on wired network using YaST via wpa_supplicant (novell/bugzilla/id: 438133) https://bugzilla.novell.com/show_bug.cgi?id=438133 Discussion: #2: Holger Dyroff (escubar) (2008-11-04 09:16:58) Is this related/duplicate to 305353 or something else? #3: Marius Tomaschewski (mtomaschewski) (2008-12-04 13:02:35) (reply to #2) Yes, it is related. This feature requests to add support of 802.1x authentication (in the for the "traditional" network setup method alias ifup alias netcontrol). Feature 305353 requests the autodetection of 802.1x and can be considered as extension of this feature. Autodetection in "traditional" method is not possible at the moment, because the tools (wpa_supplicant) and libraries (ssl at least) required for 802.1x are installed bellow of /usr and enabling it would break /usr on nfs and smb. Moving them (ssl, krb5 & co) to /lib and wpa_supplicant to /sbin would IMO make sense anyway, since they're required in many cases - also for NFSv4 with GSSAPI... -- openSUSE Feature: https://features.opensuse.org/?rm=feature_show&id=305356

Feature changed by: Vladimir Botka (vbotka) Feature #305356, revision 16 Title: 802.1x authentication on wired network using YaST via wpa_supplicant openSUSE-11.2: Rejected by Andreas Jaeger (a_jaeger) reject date: 2009-06-09 15:20:27 reject reason: Interesting feature but I don't see the relevance for openSUSE 11.2 right now. Priority Requester: Desirable Requested by: Marius Tomaschewski (mtomaschewski) Project Manager: (Novell) Engineering Manager: (Novell) Developer: (Novell) Partner organization: openSUSE.org Description: Some networks using 802.1x authentication on metallic Ethernet and I think it would be cool have a possibility, handle this connection type using YaST. The major problem to support this is that the wpa_supplicant is in /usr/sbin; it seems also to be difficult to move it to /sbin because of all the libs the wpa_supplicant is using. What would be required, is to extent the "supported_on_localfs" function to check this and start the interface in remotefs flow when 802.1x is enabled. That is, using remotefs on 802.1x authenticated interfaces would be not possible -- same as with NetworkManager. Relations: - 802.1x authentication on wired network using YaST via wpa_supplicant (novell/bugzilla/id: 438133) https://bugzilla.novell.com/show_bug.cgi?id=438133 Discussion: #2: Holger Dyroff (escubar) (2008-11-04 09:16:58) Is this related/duplicate to 305353 or something else? #3: Marius Tomaschewski (mtomaschewski) (2008-12-04 13:02:35) (reply to #2) Yes, it is related. This feature requests to add support of 802.1x authentication (in the for the "traditional" network setup method alias ifup alias netcontrol). Feature 305353 requests the autodetection of 802.1x and can be considered as extension of this feature. Autodetection in "traditional" method is not possible at the moment, because the tools (wpa_supplicant) and libraries (ssl at least) required for 802.1x are installed bellow of /usr and enabling it would break /usr on nfs and smb. Moving them (ssl, krb5 & co) to /lib and wpa_supplicant to /sbin would IMO make sense anyway, since they're required in many cases - also for NFSv4 with GSSAPI... + #4: Vladimir Botka (vbotka) (2010-12-14 19:19:35) (reply to #3) + Yes. While "/sbin shall be used for systems binaries needed to boot the + machine and configure basic services" I believe that wpa_supplicant + belongs to /sbin. But quick test of moving wpa_* from /usr/sbin to + /sbin reveals that NetworkManager stops working. -- openSUSE Feature: https://features.opensuse.org/305356

Feature changed by: Ian Monroe (eean) Feature #305356, revision 18 Title: 802.1x authentication on wired network using YaST via wpa_supplicant openSUSE-11.2: Rejected by Andreas Jaeger (a_jaeger) reject date: 2009-06-09 15:20:27 reject reason: Interesting feature but I don't see the relevance for openSUSE 11.2 right now. Priority Requester: Desirable + openSUSE Distribution: Unconfirmed + Priority + Requester: Desirable Requested by: Marius Tomaschewski (mtomaschewski) Partner organization: openSUSE.org Description: Some networks using 802.1x authentication on metallic Ethernet and I think it would be cool have a possibility, handle this connection type using YaST. The major problem to support this is that the wpa_supplicant is in /usr/sbin; it seems also to be difficult to move it to /sbin because of all the libs the wpa_supplicant is using. What would be required, is to extent the "supported_on_localfs" function to check this and start the interface in remotefs flow when 802.1x is enabled. That is, using remotefs on 802.1x authenticated interfaces would be not possible -- same as with NetworkManager. Relations: - 802.1x authentication on wired network using YaST via wpa_supplicant (novell/bugzilla/id: 438133) https://bugzilla.novell.com/show_bug.cgi?id=438133 Discussion: #2: Holger Dyroff (escubar) (2008-11-04 09:16:58) Is this related/duplicate to 305353 or something else? #3: Marius Tomaschewski (mtomaschewski) (2008-12-04 13:02:35) (reply to #2) Yes, it is related. This feature requests to add support of 802.1x authentication (in the for the "traditional" network setup method alias ifup alias netcontrol). Feature 305353 requests the autodetection of 802.1x and can be considered as extension of this feature. Autodetection in "traditional" method is not possible at the moment, because the tools (wpa_supplicant) and libraries (ssl at least) required for 802.1x are installed bellow of /usr and enabling it would break /usr on nfs and smb. Moving them (ssl, krb5 & co) to /lib and wpa_supplicant to /sbin would IMO make sense anyway, since they're required in many cases - also for NFSv4 with GSSAPI... #4: Vladimir Botka (vbotka) (2010-12-14 19:19:35) (reply to #3) Yes. While "/sbin shall be used for systems binaries needed to boot the machine and configure basic services" I believe that wpa_supplicant belongs to /sbin. But quick test of moving wpa_* from /usr/sbin to /sbin reveals that NetworkManager stops working. #5: Vladimir Botka (vbotka) (2010-12-15 19:04:14) (reply to #4) Updated the dbus *.service file solved the problem. But more serious problem in SP1 is that wpa_supplicant uses libraries installed in /usr/lib (/usr/lib/libssl.so /usr/lib/libcrypto.so). These libraries has been already moved to /lib in 11.3. Once the rpm of these libraries moved to /lib are available I'm going to build a wpa_supplicant package. + #6: Ian Monroe (eean) (2012-11-27 19:31:40) + 4 years later, this would still be useful. :) -- openSUSE Feature: https://features.opensuse.org/305356

Feature changed by: Kai Dupke (kdupke) Feature #305356, revision 20 Title: 802.1x authentication on wired network using YaST via wpa_supplicant openSUSE-11.2: Rejected by Andreas Jaeger (a_jaeger) reject date: 2009-06-09 15:20:27 reject reason: Interesting feature but I don't see the relevance for openSUSE 11.2 right now. Priority Requester: Desirable openSUSE Distribution: Unconfirmed Priority Requester: Desirable Requested by: Marius Tomaschewski (mtomaschewski) Partner organization: openSUSE.org Description: Some networks using 802.1x authentication on metallic Ethernet and I think it would be cool have a possibility, handle this connection type using YaST. The major problem to support this is that the wpa_supplicant is in /usr/sbin; it seems also to be difficult to move it to /sbin because of all the libs the wpa_supplicant is using. What would be required, is to extent the "supported_on_localfs" function to check this and start the interface in remotefs flow when 802.1x is enabled. That is, using remotefs on 802.1x authenticated interfaces would be not possible -- same as with NetworkManager. Relations: - 802.1x authentication on wired network using YaST via wpa_supplicant (novell/bugzilla/id: 438133) https://bugzilla.novell.com/show_bug.cgi?id=438133 Discussion: #2: Holger Dyroff (escubar) (2008-11-04 09:16:58) Is this related/duplicate to 305353 or something else? #3: Marius Tomaschewski (mtomaschewski) (2008-12-04 13:02:35) (reply to #2) Yes, it is related. This feature requests to add support of 802.1x authentication (in the for the "traditional" network setup method alias ifup alias netcontrol). Feature 305353 requests the autodetection of 802.1x and can be considered as extension of this feature. Autodetection in "traditional" method is not possible at the moment, because the tools (wpa_supplicant) and libraries (ssl at least) required for 802.1x are installed bellow of /usr and enabling it would break /usr on nfs and smb. Moving them (ssl, krb5 & co) to /lib and wpa_supplicant to /sbin would IMO make sense anyway, since they're required in many cases - also for NFSv4 with GSSAPI... #4: Vladimir Botka (vbotka) (2010-12-14 19:19:35) (reply to #3) Yes. While "/sbin shall be used for systems binaries needed to boot the machine and configure basic services" I believe that wpa_supplicant belongs to /sbin. But quick test of moving wpa_* from /usr/sbin to /sbin reveals that NetworkManager stops working. #5: Vladimir Botka (vbotka) (2010-12-15 19:04:14) (reply to #4) Updated the dbus *.service file solved the problem. But more serious problem in SP1 is that wpa_supplicant uses libraries installed in /usr/lib (/usr/lib/libssl.so /usr/lib/libcrypto.so). These libraries has been already moved to /lib in 11.3. Once the rpm of these libraries moved to /lib are available I'm going to build a wpa_supplicant package. #6: Ian Monroe (eean) (2012-11-27 19:31:40) 4 years later, this would still be useful. :) #7: phil osophe (posophe) (2012-11-28 11:25:02) The Factory team is actually working on Wicked implementation. For more informations, please see http://bootstrapping-awesome.org/schedule/#osc-60 and http://gitorious.org/wicked/wicked. Regards + #9: Kai Dupke (kdupke) (2015-04-22 16:33:57) (reply to #7) + The first link shows some awesome flowers on a Chinese web page, not + sure if the link is still up to date. + According to the what's supported page it isn't available in wicked + meanwhile, right? + #8: Kai Dupke (kdupke) (2015-04-22 16:28:33) + What is the status or ETA to 802.1x support by YaST2 - would be awesome + to make this easy to use for non networkmanager scenarios. -- openSUSE Feature: https://features.opensuse.org/305356