Re: NetworkManager pptp
- From: Dan Williams <dcbw redhat com>
- To: Antony J Mee <A J Mee ncl ac uk>
- Cc: Nikolaus Filus <nfilus cs tu-berlin de>, networkmanager list <networkmanager-list gnome org>
- Subject: Re: NetworkManager pptp
- Date: Tue, 13 Dec 2005 13:02:36 -0500
On Tue, 2005-12-13 at 17:15 +0000, Antony J Mee wrote:
> Sadly, I haven't quite figured out how I'm gonna get the username and
> password from the vpn-daemon to the pppd helper plugin infact I've just
> got my credentials hard coded in the plugin for testing!
If you did a dbus call in the pppd plugin against a service that your
pppd-vpn-service daemon provides, that would likely work.
The pppd-vpn-service daemon already knows the username and password,
since it got them from NetworkManager when NM exec-ed the daemon. In
the case of the vpnc-service daemon, it just writes these options to the
stdin of vpnc.
But in your case, the pppd-vpn-service daemon could just do whatever it
does to start the connection, but provide a dbus service that when
called, returns the password and username. The pppd plugin would then
call this dbus service and request the pass & user.
There are some things to think hard about here though, namely the
security of it. If you have a daemon providing a dbus service, unless
you lock it down anyone can call its methods. So you'd have to make
sure that you lock down the dbus policy for the service-daemon pretty
tight. If you restrict it to just 'root'/uid 0, any root app could ask
for the user and password. But then again, any 'root' app can do
horrible things to your system anyway. So this might be an acceptable
course of action.
Ideally this could be solved upstream in pppd. But at some point you
simply do best-effort to hide the username & password from view, keep
investigating how to do it better, and fix it a bit later.
Dan
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
