Re: NetworManager and openconnect: using cookies

From: David Woodhouse <dwmw2 infradead org>
To: "muriloo br ibm com" <muriloo br ibm com>
Cc: "ebarkie us ibm com" <ebarkie us ibm com>, "networkmanager-list gnome org" <networkmanager-list gnome org>, openconnect-devel lists infradead org
Subject: Re: NetworManager and openconnect: using cookies
Date: Sat, 02 Oct 2010 11:42:31 +0900

Tbanks; this looks good.

But we should really be using gnome-keyring for storing the cookie, not
gconf. That way it's much less likely that it'll 'leak'. I think we can
get away with enabling this behaviour by default then.

We should probably make some attempt to remember the lifetime of the
cookie too, so we don't try to use it when we *know* it's already timed
out.

> I'm stuck on this step: if it fails on cookie, jump to ask
> username/password inputs from user. It always tries to use cookie.

Yeah, I suspect it's best to try to validate the cookie directly, rather
than passing it to openconnect and praying. We can implement a
'test-cookie' option in (lib)openconnect, which can either try a CONNECT
request, or hopefully there's a way to use the cookie with an HTTP GET
request that'll tell us if it's working too.

Not sure about sending SIGKILL immediately -- that may upset the people
who had the issues which made me implement the BYE packet in the first
place. Perhaps we need an option to avoid the BYE on disconnect (which
would be nice in other situations too).

-- 
dwmw2

Follow-Ups:
- Re: NetworManager and openconnect: using cookies
  - From: muriloo

References:
- NetworManager and openconnect: using cookies
  - From: muriloo

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]