kcmwifi, KNetworkManager, wpa_supplicant

Stefan Winter swinter at kde.org
Fri Apr 7 19:15:40 BST 2006


Been away for some time and am trying to catch up with k-c-d, so this is a 
wrap-up mail for all the comments I stumbled over in the digest...

> I would love to see the good parts from kwifimanager (the systray
> look&feel) merged into knetworkmanager. Maybe I'll do that myself somewhen.

KWiFiManager the stand-alone app is just accessing the NIC "read-only"; so you 
should be able to use it together with KNetworkManager (just don't scan - 
that disconnects you *shortly* from your net).

> Right now, kwifimanager is just barely useable, because it can't initiate
> scans when running as non-root user, and therefore can't discover networks
> at all.

Admitted, and this is something wpa_supplicant does for you. Forgot to mention 
that in my original mail - scanning is controlled via the same group 
mechanisms as the rest of the commands in wpa_supplicant.

> > This is a utility that can only handle WEP currently, but at least has a
> > daemon running in the background.
> I'm not sure where you read that. It can handle WEP and WPA as well as NFS
> remounts and VPN connectivity. It's slowly becoming the tool of choice for
> people who frequently roam between networks.

Well, I didn't use it before and looked into the home page's wiki. I thought 
that might be a good place to learn about it. I suppose I was wrong.

> > I am aware that KNetworkManager does also other things, i.e. wired LAN.
> > That's a plus for it. But doing WLAN layer 2 *right* is damn difficult,
> > so it's IMHO a far better idea to trust this to people that can dedicate
> > their efforts towards it and not do a one-size-fits-all approach.
> I'm not sure where the "difficult" part in WLAN comes from. could you
> elaborate?

It's easy *if* you stick to what's called "personal security", aka "pre-shared 
keys", both in WEP and WPA1/2. The tricky part comes with "Enterprise" 
security (dynamic WEP, WPA1/2 Enterprise), where you have to implement a 
complete protocol stack (IEEE 802.1X). What makes life difficult is that you 
need to constantly monitor the management frames on the MAC layer (something 
you usually never see with e.g. ethereal, unless you go into "monitor" mode). 
At every point in time while you are connected, the network may decide that it 
needs you to re-authenticate, and you'd better catch that notification. Also, 
you must be prepared for the arrival of key change notifications at any time 
and calculate new keys from a keying seed that is sent to you.
Re-authentications themselves require you to support a fleabag of 
authentication payloads, some of them really non-trivial.

> Sure, except that one cannot run both in parallel, since they will interfere
> with each other.

As said, unless you scan, they shouldn't hurt each other.

> Right, NM, and KNM, use wpa_supplicant to handle everything down to WPA-EAP 

Okay, nice. The wiki should be updated.

> and WEP over WPA. That's a concrete, implemented feature.

Uh, no. There is no such thing as WEP over WPA. I'm rather sure you mean 
something else. But what?



The K Desktop Environment
- Stefan Winter -
Areas of Activity:
kdenetwork/wifi (KWiFiManager)
kde-i18n/de (German translation)
