Re: Where does NM store its VPN configurations?

From: Dan Williams <dcbw redhat com>
To: Derek Atkins <warlord MIT EDU>
Cc: Derek Atkins <derek ihtfp com>, networkmanager-list gnome org
Subject: Re: Where does NM store its VPN configurations?
Date: Thu, 18 Aug 2011 14:30:19 -0500

On Thu, 2011-08-18 at 12:48 -0400, Derek Atkins wrote:
> Dan Williams <dcbw redhat com> writes:
> 
> > On Wed, 2011-08-10 at 12:51 -0400, Derek Atkins wrote:
> >> On Wed, August 10, 2011 12:33 pm, Bin Li wrote:
> >> > On Wed, Aug 10, 2011 at 6:29 PM, Derek Atkins <warlord mit edu> wrote:
> >> >> Hey all,
> >> >>
> >> >> I just migrated from one laptop to another (both running Fedora 15).  I
> >> >> completely copied my homedir over and all my wireless configuration
> >> >> remained but for some reason I don't see any of my previous VPN
> >> >> configurations on the new system.  Where does NM store it, and how do I
> >> >> copy it over?
> >> > Maybe you could check /etc/NetworkManager/system-connections/
> >> 
> >> Aha, perfect.  Thank you!
> >> 
> >> Going from F12 -> F15 it moved with my homedir, but in F15 it somehow got
> >> moved from my homedir -> system-connections.  I've noted this for the
> >> future.
> >
> > ifcfg files have no provision for VPN stuff, so yeah, we have to stuff
> > them into system-connections/.
> 
> Sure, but previously it was stored in my personal gconf settings.  Which
> made sense -- VPN configs were tied to me, not to the system.  All my
> wireless configs are stored in gconf, so why move VPN configs but not
> wireless configs?

NM 0.9 (F15+) moves all storage of configuration to /etc in an effort to
simplify the architecture, configuration, and permissions/authorization.
When the applet first starts, it'll copy your user connections from
GConf into /etc, but it should *not* copy passwords; those are still
stored in your user session keyring and should not be written to /etc.

Connections now have the option of storing passwords in /etc or in each
user's keyring.  If you look in the connection files you'll see items
like 'psk-flags' which indicates where the secret is stored.  Missing or
0 == stored in /etc, 1 = stored in user session, 2 = don't save it but
always ask.

Connections can also be locked to one or more users specifically; you'll
see this in the [connection] section with the "permissions" item.  If it
reads:

permissions=user:dcbw,user:derek

then that connection is only visible, and only usable, by those two
users.  In combination with storing secrets either in /etc or in the
user's session, that provides more flexibility for administrators and
users with NetworkManager 0.9.

Again, if on your *old* connections that got imported, you see passwords
stored in /etc, that's most likely a bug and should not have happened.
However, note that if you upgraded to F15 on your machine earlier this
summer (say, before July) there were bugs with this process that may
result in passwords in /etc, which were later fixed.

Dan

References:
- Where does NM store its VPN configurations?
  - From: Derek Atkins
- Re: Where does NM store its VPN configurations?
  - From: Bin Li
- Re: Where does NM store its VPN configurations?
  - From: Derek Atkins
- Re: Where does NM store its VPN configurations?
  - From: Dan Williams
- Re: Where does NM store its VPN configurations?
  - From: Derek Atkins

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]