On 7/15/07, Aaron Konstam <[EMAIL PROTECTED]> wrote: > On Sun, 2007-07-15 at 09:14 -0400, Dan Williams wrote: > > On Fri, 2007-07-13 at 19:19 -0400, Darren Albers wrote: > > > I think Cisco is just acknowledging the obvious and longstanding > > > weaknesses in LEAP and is doing the right thing and advising their > > > customers to move to PEAP which works the same from the users > > > prospective. > > > > LEAP has been steadily going away for a long time, because there are > > well-known exploitable vulnerabilities (dictionary attacks on your > > password) that have been around for at least 3 or 4 years. LEAP > > hasn't > > been considered secure for a long time. Dynamic WEP with 802.1x is > > actually better, but only if you change your WEP key really often. > > > > LEAP also sucks because you can't know whether or not an AP supports > > it > > from the beacon, which is what WPA[2] fixes quite nicely. > > > The above sort of misses several points. One does not have the power to > decide what authorization method an access point supplier uses. I use > LEAP because that is what the University I was contacting uses. > > Second, if NM advertises it supports LEAP it should support LEAP. Until > last week it did not at least on Fedora 7.
It did support it but a patch broke it, it wasn't caught since you can't test LEAP without Cisco AP's or a LEAP network which none of the dev's have access to. > > Third, I am now informed that NM supports PEAP and other EAPs. Does it? > Has anyone actually tried it? I hope so. In addition this ability is > pretty well hidden in the lists of options that nm-applet displays. I > would probably not have found it if Darren Albers had showed me how. > > I have used PEAP and EAP-TLS successfully before. It isn't really hidden, it is under connect to other network.... If NM detects a network using EAP then the PEAP or EAP-TLS options are shown. If your network is not broadcasting and you need to select the options manually you will need to select connect to other network so I /think/ all the places you would need to find it are covered. As Dan stated in an earlier post LEAP was different because you can't tell if it is just a normal WEP network or a LEAP network. _______________________________________________ NetworkManager-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/networkmanager-list
