WORK IN PROGRESS

Summary

Include pam_keyring and networkmanager's vpn plugins in edgy to make for a complete networkmanager experience.

Rationale

There are parts of networkmanager that are not included in the ubuntu distribution, mainly pam_keyring an vpn plugins.

The vpn plugins are part of network manager, and provide a gui for configuring vpn software such as openvpn, vpnc. They were not included in dapper's networkmanager 0.6, as they were only discovered after deep feature freeze. The current situation is quite confusing, as networkmanager has the vpn-properties dialouge, however it is useless without any plugins.

Pam_keyring is a plugin for PAM, which allows gdm login to unlock the gnome-keyring. This helps networkmanager by removing the requirement for it to ask for a password immeaditly after login, to access gnome-keyring which stores encrypted wep/wpa keys.

Use cases

Dazza goes to uni, where the wireless network requires a vpn login. Once set up, he can connect to the vpn with two clicks of the mouse using networkmanager.

Shazza uses network manager to connect to her WEP secured home network. With pam_keyring, she only needs to enter her password once to have her network connected desktop avalaible.

Scope

This is about having a vpn plugins package avalaible for install alongisde relevent vpn tools and networkmanager, not including vpn tools in networkmanager or the plugins package, keeping the current, simplified networmanager as default.

Networkmanager 0.7 will remove the need for pam_keyring, however, it is not released yet.

Implementation

Package vpn plugins from networkmanager, which lives on gnome ftp. IT appears that the plugins are not in the release tarballs, and must be checked out from cvs, where they live in the vpn-daemons subdirectory of networkmanager.

Users have attached debs of some plugins to bug 37110, and there is a forum thread.

Package vpn-daemons. There is a forum thread.

Unresolved issues

Autheticating the gnome-keyring using pam has been mentioned as a security issue. Will need someone to look at this before pushing ahead with the pam_keyring side of things.

pam_keyring will only work if the gnome-keyring password is the same as the users password.


CategorySpec

CompleteNetworkManager (last edited 2008-08-06 16:27:10 by localhost)