Re: NetworManager and openconnect: using cookies

From: Dan Williams <dcbw redhat com>
To: muriloo br ibm com
Cc: "ebarkie us ibm com" <ebarkie us ibm com>, David Woodhouse <dwmw2 infradead org>, "networkmanager-list gnome org" <networkmanager-list gnome org>, openconnect-devel lists infradead org
Subject: Re: NetworManager and openconnect: using cookies
Date: Fri, 08 Oct 2010 22:49:34 -0500

On Fri, 2010-10-08 at 11:03 -0300, muriloo br ibm com wrote:
> David Woodhouse <dwmw2 infradead org> wrote on 10/01/2010 11:42:31 PM:
> 
> > David Woodhouse <dwmw2 infradead org> 
> > 10/01/2010 11:42 PM 
> > 
> > To 
> > 
> > "muriloo br ibm com" <muriloo br ibm com> 
> > 
> > cc 
> > 
> > "networkmanager-list gnome org" <networkmanager-list gnome org>, 
> > "ebarkie us ibm com" <ebarkie us ibm com>, openconnect-
> > devel lists infradead org 
> > 
> > Subject 
> > 
> > Re: NetworManager and openconnect: using cookies 
> > 
> > Tbanks; this looks good.
> > 
> > But we should really be using gnome-keyring for storing the cookie,
> not
> > gconf. That way it's much less likely that it'll 'leak'. I think we
> can
> > get away with enabling this behaviour by default then.
> > 
> > We should probably make some attempt to remember the lifetime of the
> > cookie too, so we don't try to use it when we *know* it's already
> timed
> > out.
> > 
> > > I'm stuck on this step: if it fails on cookie, jump to ask
> > > username/password inputs from user. It always tries to use cookie.
> > 
> > Yeah, I suspect it's best to try to validate the cookie directly,
> rather
> > than passing it to openconnect and praying. We can implement a
> > 'test-cookie' option in (lib)openconnect, which can either try a
> CONNECT
> > request, or hopefully there's a way to use the cookie with an HTTP
> GET
> > request that'll tell us if it's working too.
> > 
> > Not sure about sending SIGKILL immediately -- that may upset the
> people
> > who had the issues which made me implement the BYE packet in the
> first
> > place. Perhaps we need an option to avoid the BYE on disconnect
> (which
> > would be nice in other situations too).
> > 
> > -- 
> > dwmw2
> > 
> 
> Hi guys, 
> 
> Thanks for your reply David. 
> 
> I think we could implement keyring support for password first and
> after 
> implement a function to test if cookie is still valid and save cookie
> in 
> gnome-keyring either. 
> 
> For now, I've drafted a patch to add gnome-keyring support for user's 
> password. Please refer to the attachment
> openconnect-add-gnome-keyring-support.patch 
> 
> Feel free to make any comments about it. I'd be glad to improve it. 

Whenever you feel its good enough David, feel free to push to git if you
have access.  If not let me know.

Dan

References:
- NetworManager and openconnect: using cookies
  - From: muriloo
- Re: NetworManager and openconnect: using cookies
  - From: David Woodhouse
- Re: NetworManager and openconnect: using cookies
  - From: muriloo

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]