cat-users - Re: [[cat-users]] Security warning in Linux Mint 21

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

  • From: Daniele Albrizio <albrizio AT units.it>
  • To: cat-users AT lists.geant.org
  • Subject: Re: [[cat-users]] Security warning in Linux Mint 21
  • Date: Fri, 25 Nov 2022 09:54:36 +0100

This is common to major Linux desktop distributions.

nm-applet (GUI) does not show the option that makes NetworkManager verify that the valid certificate is issued for precisely your home server (altsubject-match or DN match).

What nm-applet does not show, it cannot manage to save. So if you save the NetworkManager profile installed by the CAT installer with nm-applet, even without modification, it will break your CAT configuration (in that it removes attributes nm-applet does not know but NetworkManager uses).

Once upon a time this was done silently! Someone complained, so now fortunately you have a warning.

The suggestion is never to modify CAT-installed profiles, as there should be no reason to edit them to make the connection work.

On 25/11/22 08:25, Tomasz Wolniewicz (via cat-users Mailing List) wrote:
Thanks for reporting.

Can you let me know which institution you are using? Perhaps there is something special in the settings that causes this.

altsubject-matches is an important property; it takes care of checking that you are connecting to a proper home server. So far we never got a report about such behaviour.

Yours

Tomasz Wolniewicz


On 24.11.2022 at 18:12, wrote:
Hello,

I am running Linux Mint 21 (based on Ubuntu 22.04) on my computer and
just set up eduroam using your python installer script.

It worked just fine, but when editing the connection in the
NetworkManager, I see a warning that says: "Unsupported properties:
802-1x.altsubject-matches".

The text above says that some settings are not supported by the provider
and will be removed when I save.

Is this a possible security risk if the setting isn't applied? I have
read that it is related to some verification.


Best Regards

--
-------------------------------------------
Daniele Albrizio
Università degli Studi di Trieste | University of Trieste
Ufficio Reti di Ateneo | University Networks Office
Via Alfonso Valerio 12 - 34127 Trieste (Italy)
daniele.albrizio AT units.it
Tel. | Ph. +39 040 558 3319
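
One way to confirm that a saved profile still carries the server-name check discussed in this thread. This is an added example, not part of the original messages and not code from the CAT installer. It reads a NetworkManager keyfile as INI text; the sample profiles, the identity, the CA path and the server name are constructed placeholders.

```python
import configparser

# [802-1x] properties that tie the connection to a named RADIUS server.
NAME_CHECKS = ("altsubject-matches", "subject-match",
               "domain-suffix-match", "domain-match")

def audit_8021x(keyfile_text):
    """Return a list of findings for one NetworkManager keyfile (as text)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(keyfile_text)
    if not cp.has_section("802-1x"):
        return ["no [802-1x] section: not an 802.1X profile"]
    sec = cp["802-1x"]
    findings = []
    has_ca = bool(sec.get("ca-cert", "").strip())
    sys_ca = sec.get("system-ca-certs", "false").strip().lower() == "true"
    if not (has_ca or sys_ca):
        findings.append("no CA configured: server certificate is not validated")
    # Keyfile lists are ';'-separated; drop empty entries.
    names = [v for k in NAME_CHECKS for v in sec.get(k, "").split(";") if v.strip()]
    if not names:
        findings.append("no server-name check (altsubject-matches etc.): any "
                        "certificate from the trusted CA would be accepted")
    return findings

# Constructed sample: profile as an installer might write it (placeholder values).
CAT_INSTALLED = """\
[connection]
id=eduroam
type=wifi

[wifi-security]
key-mgmt=wpa-eap

[802-1x]
eap=peap;
identity=user@example.org
ca-cert=/path/to/ca.pem
altsubject-matches=DNS:radius.example.org;
phase2-auth=mschapv2
"""
# Constructed sample: same profile after an editor dropped the property.
AFTER_GUI_SAVE = CAT_INSTALLED.replace(
    "altsubject-matches=DNS:radius.example.org;\n", "")

if __name__ == "__main__":
    for label, text in (("installed", CAT_INSTALLED), ("re-saved", AFTER_GUI_SAVE)):
        print(label, audit_8021x(text) or "OK")
```

On a real system the text would come from the profile file under /etc/NetworkManager/system-connections/, which normally needs root to read.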
