Re: Handling of empty secrets

On Tue, 2011-04-05 at 12:19 -0300, José Queiroz wrote:
> Em 2011/4/5 Dan Williams <dcbw redhat com>
>                 What situations do you need these in? (empty secrets)
> Said you have a certificate-based VPN connection. As each VPN user
> have its own certificate, and certificate's key is password protected,
> one can assume that no further authentication is needed.

If the certificate is password protected then there's your secret: the
private key password that must be entered to unlock the private key.
I'm not really sure what purpose having a blank private key password
would solve here, given that it's pretty easy to figure out if the
private key is encrypted or not.  The openvpn plugin does this, there's
a function called "is_encrypted" that checks whether the private key is
indeed encrypted, and if so, it tells NM that it needs the private key
password to continue.  Or an I not understanding?


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]