Skip to Content.
Sympa Menu

cat-users - Re: [[cat-users]] CatInstaller University of Basel - no certs get installed

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

Re: [[cat-users]] CatInstaller University of Basel - no certs get installed


Chronological Thread 
  • From: Martin Pauly <pauly AT hrz.uni-marburg.de>
  • To: cat-users AT lists.geant.org
  • Subject: Re: [[cat-users]] CatInstaller University of Basel - no certs get installed
  • Date: Wed, 6 Oct 2021 16:30:47 +0200

Hi Tomasz,

On 06.10.21 14:14, Tomasz Wolniewicz wrote:
The easiest way is just ta call it as python3 script_name. Takes a
lot less time than making it executable.

I believe we have dropped support for python2. If you call the script
with python2 then it will try o execute itself with python3 instead
and fail if it cannot find it. Therefore I do not understand the
issue here.

hm, my not-so-old Ubuntu Mate 20.04 LTS has python 2.7 installed by default.
I just realized from two recent support cases (both on the phone, no hands-on
for me)
that unexperienced Linux users quickly get confused about how to get the thing
started at all. IMO this could be worth the additional hint.

So if you happen to auth against a public CA, configuring things
manually really is no big deal. IMO, the only glitch is to call the
Outer Identity "Anonymous Identity", this is a bit misleading.

Well, with a public CA, the server name becomes the crucial element
of security so that you do not trust just any server with the given
CA behind. And this is something that the GUI will not even let you
to add, I think.
Sure server name is essential. And the GUI does let you configure the
server name, both the NetworkManager and the Android GUI call it "Domain".
Which gives me the second part of the double naming glitch I forgot to
mention in my previous post. Since both misleading names are the same
in Android and NetworkManager dialogs, I assume a common source.
I can investigate this when I have some time.
(BTW: Modern Android except Samsung even requires the "Domain" to be filled
in,
accept any of the CAs known to the system, but not allow the dangerous
"do not validate" any more).

But this is about automatic installers, and the outcome of this thread
for me is the wish for a hint, just before download, so users get some idea
what to do with the file.

Cheers, Martin

--
Dr. Martin Pauly Phone: +49-6421-28-23527
HRZ Univ. Marburg Fax: +49-6421-28-26994
Hans-Meerwein-Str. E-Mail: pauly AT HRZ.Uni-Marburg.DE
D-35032 Marburg

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature




Archive powered by MHonArc 2.6.19.

Top of Page