On Thu, 2009-03-19 at 00:48 +1030, Tim wrote:
> On Wed, 2009-03-18 at 11:54 +0000, Timothy Murphy wrote:
> > Am I alone in thinking the "per user" paradigm is crazy?
> > How many people actually have WiFi laptops used by several people
> > who want to connect in different ways?
>
> How many average users would have a wireless access point that lets them
> have different user logons?
>
> Every one that I've seen has just ONE set of logon credentials for
> everything that connects to it. It strikes me that this per-user idea is
> being implemented in the wrong way. It could only work for something
> beyond the actual wireless connection.

Any serious enterprise? WPA with PEAP is standard here. User credentials
are checked against a system-wide userid/password directory. Only
credentialed employees/students can gain access to the campus network.
Guests have a separate, restricted network that is open for anyone.

There certainly are reasons to support system-wide, on-boot connections,
but per-user connections are a good model for many mobile apps.

Now, my laptop doesn't get much use from different users, but I do have
to control many different connections:

* home (WPA)
* office (WPA/PEAP)
* Jittery Joe's (NOT Starbucks!)
* remote office I visit frequently (currently WPA)
* homes of several different friends, family, and colleagues
  (typically WPA or WEP)
* hotels and airports (and Starbucks 8^( ) when I travel
  (Web-authenticated access)
* remote work locations (could be anything).

Accessing those on boot doesn't make much sense (how would I choose
which connection when multiple ones are visible, and how would I
authenticate?), and I don't do much with the laptop that doesn't involve
being logged in. I don't think my usage pattern is all that unique.

Per-user access controls in NM do have one problem: once I've
authenticated, if I log out, the connection stays up and the next user
is still authenticated with my credentials. For work, that would be a
problem if the machine were actually multi-user and I didn't trust other
users, because the network managers expect the logged in user to be the
authenticated user. For other locations, it might be a problem if the
next user isn't authorized.

-- 
Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs