Package: connman
Version: 1.42-5
Severity: normal
X-Debbugs-Cc: invernom...@paranoici.org

Hello and thanks for maintaining this package in Debian!

It works pretty well for most cases (except for the case described in bug report [#1066128]). I have now found another case where connman should work better.

[#1066128]: <https://bugs.debian.org/1066128>

I have added a configuration file '/var/lib/connman/eduroam.config', as documented in the connman-service.config(5) manpage, in order to connect to eduroam (which, as you may know, is a University wifi network, which uses security type ieee8021x and EAP type peap).

It works: I am able to connect to eduroam, by using my University single-sign-on credentials (username and password).

However these credentials (especially the password) are stored (in cleartext!) into a subdirectory under /var/lib/connman/ and are remembered for future use. Subdirectories under /var/lib/connman/ are only readable by root, but the connman daemon has access to them and makes their data usable by other unprivileged users of the box (even a laptop may have more than one regular user...).

This can be convenient, but has some important drawbacks:

 * storing passwords in cleartext files (only readable by root) can be considered acceptable for psk wifi networks, where the passphrase is basically a shared secret (known by a number of people), but becomes definitely more troublesome for eduroam wifi network, where the access credentials may be the single-sign-on credentials used to access many other services of one's own University

 * making eduroam access credentials of one user usable by other users of the system may be considered inappropriate, since eduroam access credentials are personal

For these reasons, I would like to configure connman, so that it forgets the eduroam access credentials: connman should ask me to re-enter username and password each time I connect to eduroam, without storing these credentials for future use.
This should be configurable on a per-network basis, by setting some appropriate option in '/var/lib/connman/eduroam.config'.

I failed to find any relevant option in the documentation. Am I missing anything important? Can this be done for one specific network (eduroam)?

If not, please forward my bug report upstream as a feature request.

Thanks for your time, bye!

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (800, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.6.15-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=C, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages connman depends on:
ii  dbus                 1.14.10-4
ii  init-system-helpers  1.66
ii  iptables             1.8.10-3
ii  libc6                2.37-15
ii  libdbus-1-3          1.14.10-4
ii  libglib2.0-0         2.78.4-1
ii  libgnutls30          3.8.3-1
ii  libreadline8         8.2-3+b1
ii  libxtables12         1.8.10-3

Versions of packages connman recommends:
ii  bluez          5.71-1
pn  ofono          <none>
ii  wpasupplicant  2:2.10-21

Versions of packages connman suggests:
pn  connman-vpn  <none>

-- no debconf information
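
Added example, not part of the original report and not connman's own code: a small audit that lists which files under a connman state directory still hold a stored secret, with the file mode, without ever printing the secret. It assumes per-service files are named 'settings' and that secrets sit under the Passphrase and PrivateKeyPassphrase keys; the sample tree, the 'wifi_example' directory and the function names are constructed for illustration.

```python
import os
import stat
import tempfile

# Assumption: these key-file keys are the ones that carry secrets.
SECRET_KEYS = {"Passphrase", "PrivateKeyPassphrase"}

def parse_keyfile(path):
    """Yield (group, key, value) tuples from a GLib-style key file."""
    group = None
    with open(path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            if line.startswith("[") and line.endswith("]"):
                group = line[1:-1]
            elif "=" in line:
                key, value = line.split("=", 1)
                yield group, key.strip(), value.strip()

def audit(root):
    """Report every stored secret under root; the value itself is never kept."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name != "settings" and not name.endswith(".config"):
                continue
            path = os.path.join(dirpath, name)
            mode = stat.S_IMODE(os.stat(path).st_mode)
            for group, key, value in parse_keyfile(path):
                if key in SECRET_KEYS and value:
                    findings.append({"file": os.path.relpath(path, root),
                                     "group": group, "key": key,
                                     "mode": oct(mode),
                                     "exposed": bool(mode & 0o044)})
    return findings

def demo():
    """Audit a constructed tree standing in for /var/lib/connman."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "wifi_example"))  # hypothetical service dir
    samples = {
        "eduroam.config": "[service_eduroam]\nType=wifi\nName=eduroam\nEAP=peap\n",
        "wifi_example/settings": "[wifi_example]\nPassphrase=constructed-secret\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
        os.chmod(path, 0o644 if rel.endswith("settings") else 0o600)
    return audit(root)
```

Run audit("/var/lib/connman") as root on a real system; "exposed" is True when the file is readable by group or others.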