I work for a school and we are setting up some ubuntu laptops for student use. The wireless password needs to be secure so students can't connect their personal devices onto the network. The problem we are facing right now is that the network manager lets you view the saved wireless passwords in plain text. I changed the permissions of the network config editor so students can connect to any other networks or even pull up the editor to view the password. So that fixed the problem.. So I thought.. I just realized that if the laptop can not connect to the network then it pops up an authentication needed error box and with the show password check box available again.. So students can figure out the wireless password. Does anyone know where I can turn off that checkbox option? Would it be under gconf-editor to a specific file?
Right now I have no work around so the laptops are sitting in my office and won't be able to be used until I have a solution.
Current config – ubuntu 10.04
currently have /home/username/.gconf/apps/nm-applet set to chmod 000 along with /usr/bin/nm-connection-editor set to 000 also. This is how I blocked access the password but when that box auto pops up because it can't connect and gives them the password on a silver platter its kind of hard to allow the students to use them.. BTW I am not the network admin so I can't just change that it only accepts wireless by mac address.. we have over 5000 machines on the network and roughly half have wireless so they aren't going to switch over any time soon.
Best Answer
Setup the wireless network as an admin, and check the box to make the connection "Available to all users" at the bottom of the dialog when you edit the wireless network.
Ok, so let me be more verbose and explicit:
Now, the connection will be configured automatically at boot, other users are able to use the network, but if they try to edit that network, they'll be asked to input your password. Failing to do that, means not being able to edit that connection, hence not being able to see the password.
If indeed, like you say, students can see the password when the connection fails, then that is a bug to be fixed, and not worked around. It's quite obvious that users should not be able to read other peoples personal information.