From Fedora Project Wiki

(Created page with '<!-- The actual name of your feature page should look something like: Features/YourFeatureName. This keeps all features in the same namespace --> = Network Manager System Conne...')
 
No edit summary
Line 5: Line 5:


== Sommario ==
== Sommario ==
Add full support for system-wide connections to NetworkManager.
Aggiunto a NetworkManager pieno supporto per connessioni di rete system-wide.


== Progettista ==
== Progettista ==
* Name: [[DanWilliams|Dan Williams]]
* Nome: [[DanWilliams|Dan Williams]]
* email: dcbw@redhat.com
* email: [mailto:dcbw@redhat.com dcbw@redhat.com]


== Current status ==
== Stato corrente ==
* Targeted release: [[Releases/12 | Fedora 12]]  
* Release: [[Releases/12| Fedora 12]]  
* Last updated: 2009-08-02
* Ultimo aggiornamento: visita [[Features/NetworkManagerSystemConnections#Current_status | (en-wiki)]]
* Percentage of completion: 100%
* Completato


System connections work for wired and wireless.
Le connessioni di rete funzionano per sistemi con/senza cavi.
Support for other kinds of connections, such as 3G may be added at a later point.
Supporto per altri tipi di connesioni, come 3G potranno essere aggiunti in futuro.


== Detailed Description ==
== Descrizione dettagliata ==
(quick background: user & system connections... user connections are the ones stored in GConf and are private to the user. For stuff like VPNs where you dont' want everyone to have access to some particular network resource if you fast-user-switch or whatever. System connections are available to all users, *and* available before login and at boot time)
(breve ripasso: connessioni utente & di sistema... le connessioni utente sono quelle registrate in GConf e sono ad uso esclusivo dell'utente. Per VPN e simili non si vuole che ognuno possa avere accesso a particolari risorse di rete se si usa Cambio utente rapido (''fast-user-switch'') o altro. Le connessioni di sistema sono diponibili per tutti, '''e''' soprattutto prima del login e all'avvio del sistema).


NetworkManager has been able to read information about system-wide network connections from /etc/sysconfig for a while. This feature is about enabling full read-write support for system connections. The ability to create or modify new system connections will be controlled by PolicyKit policies.
NetworkManager può leggere le informazioni su connesioni di rete sistemi-wide in /etc/sysconfig. Ciò per garantire pieno supporto in lettura/scrittura alle connessioni. La possibilità di creare o modificare le nuove connessioni sarà controllata dalla policy.


Initially, only wired/wireless connections will be supported. Later on, vpn connections will follow.
Inizialmente, solo le connessioni con/senza fili saranno supportate. Successivamente, anche le connessioni vpn.


For connections that require secrets, those will be stored in keys files in /etc/sysconfig.
Per le connessioni che richiedono riservatezza, esse saranno registrate in file criptati in /etc/sysconfig.


== Benefit to Fedora ==
Makes NetworkManager a fully featured replacement for the aging system-config-network tool (for 90% of all use cases, there's still some exotic stuff left, like bridging and bonding).


== Scope ==
== Vantaggi per Fedora ==
The feature requires changes in NetworkManager and nm-applet. To enable the same functionality in other frontend, they will need changes as well.
E' una valida alternativa all'oramai vetusto system-config-network.


Part of this feature is defining suitable keys for network-related /etc/sysconfig files to hold all the information that NetworkManager has about a connection.  
== Altre informazioni ==
Per:
* Obbiettivi
* Test Plan
* Esperienza Utente
* Dipendenze
* Progetto corrente
* Documentazione
* Note di rilascio
* Commenti e Discussioni
visitare la en-wiki [[Features/NetworkManagerSystemConnections | Features: Network Manager System Connections]].


== How To Test ==
NM uses PolicyKit to provide fine-grained access control to specific features, and ensure that the system administrator can control what specific users can and cannot do.  Examples of "permissions" that NM defines are ones like allowing users to edit system-wide connections, or creating open adhoc networks, etc.
PolicyKit is a mechanism to require the user to personally authenticate themselves through a password or something else that ensures that the user is actually sitting in front of the computer and not some malicious program.  Think of PolicyKit like the PIN on your debit-card: it proves that you are who you say you are.
PolicyKit is used mainly in the connection editor.  When editing a "system-wide" connection, or attempting to convert a 'user' connection into a system-wide connection.  In these cases, if the administrator has allowed the user to authenticate themselves before editing the system connection, the user will be required to enter a password (usually the root password) before the operation succeeds.  The administrator can also block the user from doing so, in which case the connection manager will not allow the user to make changes to that connection.  You can test this by changing the file:
/usr/share/polkit-1/actions/org.freedesktop.network-manager-settings.system.policy
and looking for the lines of "allow_active" for each specific permission that NetworkManager defines.  A value of "auth_admin_keep" means that the user only has to authorize themselves once, and thereafter the authorization is cached and they are no longer asked for their password.  A value of "auth_admin" means they are asked for their password every time.  A value of "no" means they are denied that permission completely.
Test cases revolve around modifying that .policy file and ensuring that the connection editor behaves as expected; for example:
# change the org.freedesktop.network-manager-settings.system.modify permission to "auth_admin"
# start the connection editor
# attempt to edit "System eth0"
# ensure that the editor asks for the root password
# ensure that the resulting window allows you to edit the options
# change some random option like "Connect automatically"
# Hit Apply
# double-click the "System eth0" connection again
# ensure that the editor asks for the root password again (since we didn't use auth_admin_keep, it'll ask every time)
# ensure that "Connect automatically" is still set the same way you did in step 6
# hit Apply
# change the org.freedesktop.network-manager-settings.system.modify permission to "no"
# ensure that you cannot double-click the "system eth0" connection and that when that connection is selected, the "Edit" button is insensitive
To test setting a connection as "system wide" and thus exercising the config parsing and writing backends:
# ensure you have PolicyKit permission edit system connections by making sure the system.modify permission is "auth_admin" or "auth_admin_keep"
# edit a non-system wired or wifi connection using nm-connection-editor
# Check the "Available to all users" checkbox
# hit the apply button
# Look for a file named /etc/sysconfig/network-scripts/ifcfg-<name of connection you just edited>
# ensure that the file's contents looks valid
# if the connection required any passwords, look for the file /etc/sysconfig/network-scripts/keys-<name of connection>
# ensure the passwords are correct
== User Experience ==
Users will be able to use NetworkManager with system-wide connections and be happy.
Longer-term, we will be able to remove system-config-network from the default install,
and shrink the administration menu, which helps users too.
== Dependencies ==
None
== Contingency Plan ==
Keep system connections read-only in NetworkManager. system-config-network is still available in any case.
== Documentation ==
Not at this point. Documentation that will be needed at some point includes documentation of the new /etc/sysconfig keys.
== Release Notes ==
NetworkManager can now create and edit system-wide network connections in /etc/sysconfig.
== Comments and Discussion ==
* See [[Talk:Features/NetworkManagerSystemConnections]] 




[[Category:FeatureAcceptedF12]]
[[Category:FeatureAcceptedF12]]

Revision as of 10:07, 24 January 2010


Network Manager System Connections

Sommario

Aggiunto a NetworkManager pieno supporto per connessioni di rete system-wide.

Progettista

Stato corrente

Le connessioni di rete funzionano per sistemi con/senza cavi. Supporto per altri tipi di connesioni, come 3G potranno essere aggiunti in futuro.

Descrizione dettagliata

(breve ripasso: connessioni utente & di sistema... le connessioni utente sono quelle registrate in GConf e sono ad uso esclusivo dell'utente. Per VPN e simili non si vuole che ognuno possa avere accesso a particolari risorse di rete se si usa Cambio utente rapido (fast-user-switch) o altro. Le connessioni di sistema sono diponibili per tutti, e soprattutto prima del login e all'avvio del sistema).

NetworkManager può leggere le informazioni su connesioni di rete sistemi-wide in /etc/sysconfig. Ciò per garantire pieno supporto in lettura/scrittura alle connessioni. La possibilità di creare o modificare le nuove connessioni sarà controllata dalla policy.

Inizialmente, solo le connessioni con/senza fili saranno supportate. Successivamente, anche le connessioni vpn.

Per le connessioni che richiedono riservatezza, esse saranno registrate in file criptati in /etc/sysconfig.


Vantaggi per Fedora

E' una valida alternativa all'oramai vetusto system-config-network.

Altre informazioni

Per:

  • Obbiettivi
  • Test Plan
  • Esperienza Utente
  • Dipendenze
  • Progetto corrente
  • Documentazione
  • Note di rilascio
  • Commenti e Discussioni

visitare la en-wiki Features: Network Manager System Connections.