+ Post New Thread
Results 1 to 14 of 14
Mac Thread, Leopard 10.5 airport in Technical; Storing wireless keys in keychain access util ? Is there anyway to encrypt the wireless key so that it is ...
  1. #1

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,705
    Thank Post
    3,235
    Thanked 1,044 Times in 966 Posts
    Rep Power
    363

    Leopard 10.5 airport

    Storing wireless keys in keychain access util ?

    Is there anyway to encrypt the wireless key so that it is not viewable so that we can add or allow students to use wireless without them being able to view the wep or wpa key ?

    If they go into keychain access and view keychains they are able to go to the system section and double click on any of the added in wireless access points and tick the show password check box and it shows them the wep / wpa key which we do not want.

    Any help much appreicated

    Thanks

  2. #2

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,607
    Thank Post
    514
    Thanked 2,441 Times in 1,889 Posts
    Blog Entries
    24
    Rep Power
    828
    It prompts me for an administrator account when I do this...

  3. #3

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,705
    Thank Post
    3,235
    Thanked 1,044 Times in 966 Posts
    Rep Power
    363
    The student owns the laptop and has admin privs so if she found out about keychain the student could easily enter in the admin password to display the wireless key

  4. #4

    Domino's Avatar
    Join Date
    Oct 2006
    Location
    Bromley
    Posts
    4,126
    Thank Post
    215
    Thanked 1,255 Times in 786 Posts
    Blog Entries
    4
    Rep Power
    505
    then why are you letting her attach it to your wireless?

  5. #5

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,705
    Thank Post
    3,235
    Thanked 1,044 Times in 966 Posts
    Rep Power
    363
    so they can work on there own laptops without using an ethernet port because there are no ethernet ports in the classroom bar maybe one or two but those are for the sims or staff machines.

    side tracking a bit, anyway - is there a way of doing it so that the student can not access or view the wireless key via the keychain access util ?
    Last edited by mac_shinobi; 25th January 2008 at 02:41 PM.

  6. #6

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,607
    Thank Post
    514
    Thanked 2,441 Times in 1,889 Posts
    Blog Entries
    24
    Rep Power
    828
    Quote Originally Posted by gecko View Post
    so they can work on there own laptops without using an ethernet port because there are no ethernet ports in the classroom bar maybe one or two but those are for the sims or staff machines.

    side tracking a bit, anyway - is there a way of doing it so that the student can not access or view the wireless key via the keychain access util ?
    No, I don't think there is I'm afraid.

    I think your only bet would be to introduce some form of network authentication, so that non-authorised machines couldn't connect even with the password.

    Just a quick note, joining a laptop to the network which doesn't belong to the school could cause problems with the DPA. Do the SMT know about and support this?

  7. #7

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,705
    Thank Post
    3,235
    Thanked 1,044 Times in 966 Posts
    Rep Power
    363
    whats DPA and SMT ?

  8. #8

    Domino's Avatar
    Join Date
    Oct 2006
    Location
    Bromley
    Posts
    4,126
    Thank Post
    215
    Thanked 1,255 Times in 786 Posts
    Blog Entries
    4
    Rep Power
    505
    DPA = Data protection Act

    SMT = Senior Management Team

  9. #9

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,705
    Thank Post
    3,235
    Thanked 1,044 Times in 966 Posts
    Rep Power
    363
    we have joined a quite a lot of students windows laptops and this is the first mac laptop that we have gotten with regards to joining to the network wirelessly, so am guessing so.

  10. #10
    gaz350's Avatar
    Join Date
    Jul 2007
    Location
    Rutland, east.leicestershire :P
    Posts
    579
    Thank Post
    47
    Thanked 49 Times in 41 Posts
    Rep Power
    28
    you also now have the problem of this password being passed around and now anyone can bypass you to join your network (not good!!)

  11. #11

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,705
    Thank Post
    3,235
    Thanked 1,044 Times in 966 Posts
    Rep Power
    363
    Quote Originally Posted by gaz350 View Post
    you also now have the problem of this password being passed around and now anyone can bypass you to join your network (not good!!)
    2nd you on the "not good!"

  12. #12

    Join Date
    Jul 2005
    Location
    Corby
    Posts
    1,056
    Thank Post
    12
    Thanked 20 Times in 18 Posts
    Rep Power
    24

    oh. dear.

    Hi Shane.

    The Keychain files themselves are actually encrypted. The problems with your scenario are that:

    1. The student *is* the administrator of the laptop
    2. Therefore the student has the Keychain Password and can read the passwords stored in their account Keychain.

    There isn't any way around this that I can think of so long as you aren't managing the machines via Open Directory. Sorry.

    Now you would be best resetting the wireless encryption key and risking the onslaught, explaining that you can't give out the key securely. There needs to be some "edge" security to your network.

    Take care,

    Paul

  13. #13

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,705
    Thank Post
    3,235
    Thanked 1,044 Times in 966 Posts
    Rep Power
    363
    Quote Originally Posted by kingswood View Post
    Hi Shane.

    The Keychain files themselves are actually encrypted. The problems with your scenario are that:

    1. The student *is* the administrator of the laptop
    2. Therefore the student has the Keychain Password and can read the passwords stored in their account Keychain.

    There isn't any way around this that I can think of so long as you aren't managing the machines via Open Directory. Sorry.

    Now you would be best resetting the wireless encryption key and risking the onslaught, explaining that you can't give out the key securely. There needs to be some "edge" security to your network.

    Take care,

    Paul
    oh dear, indeed !

    what do you mean by edge security ? What I did is I tried it with one of the wireless access points and then I deleted it completely out of key chain access and also made sure it wasn't in the network section in system prefs.

    If we were to get os x server ( open directory ) have you got a guide on how we would do it ?

    haven't heard from you in a while @ kingswood

  14. #14

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,607
    Thank Post
    514
    Thanked 2,441 Times in 1,889 Posts
    Blog Entries
    24
    Rep Power
    828
    Quote Originally Posted by gecko View Post
    oh dear, indeed !

    what do you mean by edge security ? What I did is I tried it with one of the wireless access points and then I deleted it completely out of key chain access and also made sure it wasn't in the network section in system prefs.

    If we were to get os x server ( open directory ) have you got a guide on how we would do it ?

    haven't heard from you in a while @ kingswood
    Edge security is some form of controlling device access to the network - such as NAC by cisco, or mac based filtering (which isn't actually that secure, it is just a deterant) or something like that.

SHARE:
+ Post New Thread

Similar Threads

  1. Why Leopard Isn't Better than Vista
    By ZeroHour in forum General Chat
    Replies: 18
    Last Post: 8th January 2008, 09:33 AM
  2. iMacs & Airport/Wireless
    By tech_guy in forum Mac
    Replies: 3
    Last Post: 11th December 2007, 03:40 PM
  3. Glasgow Airport
    By timbo343 in forum General Chat
    Replies: 47
    Last Post: 4th July 2007, 07:45 AM
  4. Leopard
    By HodgeHi in forum Mac
    Replies: 5
    Last Post: 8th August 2006, 08:51 PM
  5. Leopard Screenshots
    By dagza in forum Mac
    Replies: 0
    Last Post: 30th July 2006, 03:53 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •