[pkg-wpa-devel] Bug#644251: Bug#644251: wpasupplicant: please make it possible to query for passphrases

Sebastian Harl tokkee at debian.org
Fri Oct 7 08:01:37 UTC 2011


Hi,

On Tue, Oct 04, 2011 at 04:47:08PM +0200, Stefan Lippers-Hollmann wrote:
> On Tuesday 04 October 2011, Sebastian Harl wrote:
> [...]
> > 
> > it would be nice to be able to let wpa-supplicant query for PSKs /
> > passphrases / whatever when configuring a network in interfaces(5). This
> > is useful, for example, on shared notebooks or similar.
> > 
> > The attached patch allows specifying 'wpa-ask-pass yes' or 'wpa-ask-psk
> > yes' in interfaces(5). The passphrase / PSK will then be read from stdin
> > when running 'ifup <iface>'.
> 
> How do you imagine this to work, especially considering the auto/ allow
> hotplug cases in /etc/network/interfaces (ifupdown integration)?

Hrm, my use-case is using 'ifup' manually once the system is up. Since
there is no (native) support for auto-detection (afaik) of wireless
networks, I'd imagine that I'm not the only one doing it that way. (This
is unless you're using stuff like NM or wicd -- but in those cases my
approach is not needed anyway. In fact it's my preferred replacement for
those tools, which allows me to have full control over what is
happening.)

Anyway, I'm fully aware that my approach is not suitable for all cases
but that's why I've added a completely new (and independent of all
others) option to enable this.

> > The querying could also be done using zenity/kdialog/whatever -- if the
> > general approach is fine for you, I'd be happy to modify the patch
> > accordingly.
> 
> The only way I can see this patch working, is if you 
> strictly don't use /etc/network/interfaces and exclusively invoke
> ifup/ ifdown from a controlling terminal.

Well, using /etc/network/interfaces is still fine but the appropriate
interfaces should not be marked 'auto*'.

In my case, I've got a few logical interfaces for "known" (wireless)
networks and depending on where I am, I'm bringing up the appropriate
logical interface using 'ifup'.

> Looking at your 
> zenity/kdialog/whatever suggestion it would even have to share the 
> MIT X11 session cookie to be able to display your X11 based dialog, 
> which would be totally impossible to invoke from ifupdown.

Hrm, why would that be impossible? You can still run ifup/ifdown from
some X-terminal. My zenity/kdialog/whatever suggestion was meant to be
optional, i.e., I'd check if some X11 display and session cookie would
be available and fall back to 'read' (and possibly an error message if
there is no controlling tty) else.

> For this particular use case of not storing a psk to disk, wouldn't it 
> be easier to use wpa_cli or wpa_gui instead, or to make use of a higher
> level networking interface (e.g. network-manager, wicd, or a simple 
> custom tools or dæmon making use of wpasupplicant's D-Bus interface)?

Well, I don't like NM, wicd or other stuff doing certain kinds of magic
in the background. That's why I like being able to define logical
interfaces in interfaces(5) and decide on my own, which configuration to
use. Imho, that's the easiest approach to solving my use case.

As mentioned above, I'm fully aware that this does not fit all use-cases
but imho my approach does not interfere with anything else and others
might benefit from that as well -- that's why I proposed to include it
in the package.

Cheers,
Sebastian

-- 
Sebastian "tokkee" Harl +++ GnuPG-ID: 0x8501C7FC +++ http://tokkee.org/

Those who would give up Essential Liberty to purchase a little Temporary
Safety, deserve neither Liberty nor Safety.         -- Benjamin Franklin
