On 19/04/2019 23.26, Dave Howorth wrote:
On Fri, 19 Apr 2019 23:02:43 +0200 "Carlos E. R." <robin.listas@telefonica.net> wrote:
On 19/04/2019 02.23, Dave Howorth wrote:
On Thu, 18 Apr 2019 21:30:07 +0200 "Carlos E. R." <> wrote:
which is the key, in clear text.
Ouch! Doubleplusungood.
I don't know what that word means :-D But I found it.
<https://www.urbandictionary.com/define.php?term=doubleplusungood>
Consider that if it is not done that way, the WiFi can not connect before the desktop is open and the user types the password, possibly another one for the vault.
I confess I never use NM and rarely use wi-fi at all, so I may be spouting nonsense :)
Storing passwords in cleartext is *always* a bad idea. Surely connecting to the wi-fi is something that should require the user's credentials; I may not want somebody logging in as guest to be able to access my network resources. I don't see why the act of logging in (with a password or other credentials) could not also enable wi-fi access as well as start the desktop?
Because that's the meaning of system connection wifi. It works before anybody logs in, automatically, after booting, same as the cable. The file is only readable by root, anyway.
Another vault would be required from "root", to be typed during boot. Problematic if nobody logs in locally.
You seem to have a different use case to what I am thinking of. An IOT device? I expect there are ways to avoid plaintext password storage in such cases, but I don't know what they are.
Simply any machine that has daemons that need working before anybody logins. A server that has wifi without cable. Whatever. The thing is, as soon as the wifi is defined "system", the password is in clear. It can be encrypted, but the key must be accessible without password, so anybody with physical access can read it. He uses the key file to open the encrypted file. And anybody with physical access can connect a cable, anyway. If you define the connection as "user connection", then it can go to the vault, and it will not work till the user logins. Your router also has the password stored in the clear, if you get access to its filesystem. If your phone connects to the WiFi before you open the display with a pattern or pin, it stores the wifi password in clear. But it will not tell you what it is. The SIM pin code is not needed, either. That gives me an idea for Daniel: convert the connection to a system connection. -- Cheers / Saludos, Carlos E. R. (from openSUSE, Leap 15.1 x86_64 (ssd-test)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org