Re: The gnome-keyring's location for vpn-plugins change?

[Dan Williams <dcbw redhat com>]

On Mon, 2008-04-14 at 19:02 +0800, Charles Li wrote:
> Hi,
> 
>  I found that vpn-daemons/vpnc's auth-dialog don't use the
> "gnome_keyring_set_network_password_sync", and use the
> "gnome_keyring_item_create_sync" for save gnome-keyring,

Yes; because the password is really a generic password and not a
"network" password as such.  We need to attach more attributes to the
key than what the network password stuff will allow.  I'd suggest _not_
using the network password helpers.

>  Is there any standard for add some keyring attributes with
> "gnome_keyring_attribute_list_append_string"? Or we could add any key
> attributes what we need?

The VPN plugin gets to add whatever attributes it wants to, since the
VPN plugin is responsible for figuring out how to pull the correct
secrets back out of the keyring.  It just happens that the vpnc plugin
uses the same keyring key format as the applet itself does, but that's
just because I wrote most of those bits and I also wrote a lot of the
applet too :)

>  BTW, I found adding the vpn_id parameter for auth-dialog, the
> vpn_name and vpn_service doesn't used again in save_vpn_password, do
> we need delete these parameter?

Basically, your VPN plugin needs to have a way to match up the ID, name,
and service name with the stored keys in the keyring.  That's what the
new ID allows you to do.  Users can change connection names all they
want, which caused the VPN plugins and normal connections to forget
their secrets since they couldn't be located anymore.  The connection ID
stays the same across connection renames, and thus the ID is what you
should use to store your saved VPN passwords with.

Dan