[pkg-wpa-devel] Bug#644251: Bug#644251: wpasupplicant: please make it possible to query for passphrases

Sebastian Harl tokkee at debian.org
Fri Oct 7 12:31:13 UTC 2011 

Hi,

On Fri, Oct 07, 2011 at 01:55:29PM +0200, Stefan Lippers-Hollmann wrote:
> On Friday 07 October 2011, Sebastian Harl wrote:
> > On Tue, Oct 04, 2011 at 04:47:08PM +0200, Stefan Lippers-Hollmann wrote:
> > > On Tuesday 04 October 2011, Sebastian Harl wrote:
> > > [...]
> > > > 
> > > > it would be nice to be able to let wpa-supplicant query for PSKs /
> > > > passphrases / whatever when configuring a network in interfaces(5). This
> > > > is useful, for example, on shared notebooks or similar.
> > > > 
> > > > The attached patch allows to specify 'wpa-ask-pass yes' or 'wpa-ask-psk
> > > > yes' in interfaces(5). The passphrase / PSK will then be read from stdin
> > > > when running 'ifup <iface>'.
> > > 
> > > How do you imagine this to work, especially considering the auto/ allow
> > > hotplug cases in /etc/network/interfaces (ifupdown integration)?
> > 
> > Hrm, my use-case is using 'ifup' manually once the system is up. Since
> > there is no (native) support for auto-detection (afaik) of wireless
> > networks, I'd imagine that I'm not the only one doing it that way. (This
> > is unless you're using stuff like NM or wicd -- but in those cases my
> > approach is not needed anyway. In fact it's my preferred replacement for
> > those tools, which allows me to have full control over what is
> > happening.)
> 
> Did you try a roaming setup with wpasupplicant?
[…]
> This allows automatic roaming and handover without n-m, wicd, etc., 
> further info about possible configuration options is under
> /usr/share/doc/wpasupplicant/ and /usr/share/doc/wpasupplicant/examples

Oh, I didn't know about that so far. Sounds great, though :-) Thanks!

> The remaining use case is so specialized:
> 
> - must not use auto/ allow-hotplug in /e/n/i
> - using a controlling terminal, ideally with X access, in an 
>   interactive way is mandatory
> - ESSID (usually short) is fixed, but the psk (hopefully long and 
>   complex, 63 characters ASCII or 64 hexadecimal digits) needs to be 
>   typed every time
> 
> that I personally don't consider this to be a viable option for the 
> wpasupplicant packages in Debian, because potential users will expect
> it to work with auto/ allow-hotplug on boot (similar to booting from an
> encrypted rootfs).

While I think this could be handled by a note in the documentation, this
might still cause some unnecessary noise by users not reading the
documentation (I've been told such people exist ;-)). So, please feel
free to close the bug or tag it wontfix (I'll leave that up to you, else
I'd have closed the bug already).

> > > For this particular use case of not storing a psk to disk, wouldn't it 
> > > be easier to use wpa_cli or wpa_gui instead, or to make use of a higher
> > > level networking interface (e.g. network-manager, wicd, or a simple 
> > > custom tools or dæmon making use of wpasupplicant's D-Bus interface)?
> > 
> > Well, I don't like NM, wicd or other stuff doing certain kinds of magic
> > in the background. That's why I like being able to define logical
> > interfaces in interfaces(5) and decide on my own, which configuration to
> > use. Imho, that's the easiest approach to solving my use case.
> 
> I don't like those either, less because of their "magic", but rather 
> because of their dependencies (D-Bus) and what I consider massive bugs
> (not configurable without X or in and editor, connections might drop
> on upgrade (lovely, if you're upgrading over ssh/ wlan, etc. pp.)

Ack! Those are some more reasons not to use them ;-)

Thanks for your detailed and fast feedback!

Cheers,
Sebastian

-- 
Sebastian "tokkee" Harl +++ GnuPG-ID: 0x8501C7FC +++ http://tokkee.org/

Those who would give up Essential Liberty to purchase a little Temporary
Safety, deserve neither Liberty nor Safety.         -- Benjamin Franklin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-wpa-devel/attachments/20111007/bc3c4eee/attachment.pgp>

More information about the Pkg-wpa-devel mailing list