Mailinglist Archive: opensuse-features (542 mails)

< Previous Next >
[openFATE 305356] 802.1x authentication on wired network using YaST via wpa_supplicant
  • From: fate_noreply@xxxxxxx
  • Date: Wed, 15 Dec 2010 19:04:38 +0100 (CET)
  • Message-id: <feature-305356-17@xxxxxxxxxxxxxx>
Feature changed by: Vladimir Botka (vbotka)
Feature #305356, revision 17
Title: 802.1x authentication on wired network using YaST via
wpa_supplicant

openSUSE-11.2: Rejected by Andreas Jaeger (a_jaeger)
reject date: 2009-06-09 15:20:27
reject reason: Interesting feature but I don't see the relevance for
openSUSE 11.2 right now.
Priority
Requester: Desirable

Requested by: Marius Tomaschewski (mtomaschewski)
Project Manager: (Novell)
Engineering Manager: (Novell)
Developer: (Novell)
Partner organization: openSUSE.org

Description:
Some networks using 802.1x authentication on metallic Ethernet and I
think it would be cool have a possibility, handle this connection type
using YaST.
The major problem to support this is that the wpa_supplicant is in
/usr/sbin; it seems also to be difficult to move it to /sbin because of
all the libs the wpa_supplicant is using.
What would be required, is to extent the "supported_on_localfs"
function to check this and start the interface in remotefs flow when
802.1x is enabled. That is, using remotefs on 802.1x authenticated
interfaces would be not possible -- same as with NetworkManager.

Relations:
- 802.1x authentication on wired network using YaST via wpa_supplicant
(novell/bugzilla/id: 438133)
https://bugzilla.novell.com/show_bug.cgi?id=438133

Discussion:
#2: Holger Dyroff (escubar) (2008-11-04 09:16:58)
Is this related/duplicate to 305353 or something else?

#3: Marius Tomaschewski (mtomaschewski) (2008-12-04 13:02:35) (reply to
#2)
Yes, it is related. This feature requests to add support of 802.1x
authentication (in the for the "traditional" network setup method alias
ifup alias netcontrol).
Feature 305353 requests the autodetection of 802.1x and can be
considered as extension of this feature.
Autodetection in "traditional" method is not possible at the moment,
because the tools (wpa_supplicant) and libraries (ssl at least)
required for 802.1x are installed bellow of /usr and enabling it would
break /usr on nfs and smb.
Moving them (ssl, krb5 & co) to /lib and wpa_supplicant to /sbin would
IMO make sense anyway, since they're required in many cases - also for
NFSv4 with GSSAPI...

#4: Vladimir Botka (vbotka) (2010-12-14 19:19:35) (reply to #3)
Yes. While "/sbin shall be used for systems binaries needed to boot the
machine and configure basic services" I believe that wpa_supplicant
belongs to /sbin. But quick test of moving wpa_* from /usr/sbin to
/sbin reveals that NetworkManager stops working.

+ #5: Vladimir Botka (vbotka) (2010-12-15 19:04:14) (reply to #4)
+ Updated the dbus *.service file solved the problem. But more serious
+ problem in SP1 is that wpa_supplicant uses libraries installed in
+ /usr/lib (/usr/lib/libssl.so /usr/lib/libcrypto.so). These libraries
+ has been already moved to /lib in 11.3. Once the rpm of these libraries
+ moved to /lib are available I'm going to build a wpa_supplicant
+ package.



--
openSUSE Feature:
https://features.opensuse.org/305356

< Previous Next >
This Thread
References