[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-bugs-dist
Subject:    [Bug 276378] New: 802.1X GUI doesn't allow to specify the server name
From:       Stefan Winter <swinter () kde ! org>
Date:       2011-06-24 7:15:58
Message-ID: bug-276378-17878 () http ! bugs ! kde ! org/
[Download RAW message or body]

https://bugs.kde.org/show_bug.cgi?id=276378

           Summary: 802.1X GUI doesn't allow to specify the server name
           Product: knetworkmanager
           Version: 0.9
          Platform: openSUSE RPMs
        OS/Version: Linux
            Status: NEW
          Severity: wishlist
          Priority: NOR
         Component: 802.1x
        AssignedTo: wstephenson@kde.org
        ReportedBy: swinter@kde.org


Version:           0.9 (using KDE 4.6.0) 
OS:                Linux

The KNetworkManager GUI allows to specify many parameters to IEEE 802.1X
security, but not the server name validation (CN).
This is almost trivial to add, as it is perfectly possible to specify this
parameter in wpa_supplicant.conf. It is
network={
...
subject_match=thename
}

Being able to specify the exact expected server name is an important security
property if *not* using self-signed certificates or private CAs.

I'm an R&D engineer in a major 802.1X-based roaming consortium
(www.eduroam.org) and a fan/former developer of KDE; and the lack of this
feature has always been a bit of a grief for me. Would be nice if this could be
changed in the future.

(Somewhat unrelated to this bug: we are working on scripted installers for
eduroam on many platforms - is there a command-line API to inject new configs
into KNetworkManager? Or would I have to try and play directly with
$KDEHOME/share/config/knetworkmanagerrc ? )

Reproducible: Always

-- 
Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
[prev in list] [next in list] [prev in thread] [next in thread]