Re: ANN: Release of NetworkManager 0.8.996 (0.9.0-beta2)



On Fri, 11 Mar 2011 20:09:03 -0600 Dan Williams wrote:
> On Fri, 2011-03-11 at 20:04 +0300, Mikhail Efremov wrote:
> > On Thu, 10 Mar 2011 11:00:43 -0600 Dan Williams wrote:
> > > I've tagged and uploaded 0.8.996 which has a number of fixes:
> > 
> > Could you explain how the secret agent in nm-applet should work?
> > I guess that users' secrets should be stored in some storage like
> > gnome-keyring, but now I see that the WPA passphrase (as an example) is
> > written to the file by the keyfile plugin as plain text. Do I misunderstand
> > something or is it just not completed yet?
> 
> At the moment, 0.8 imported connection secrets are marked "agent owned"
> which means that NM will ask nm-applet for those secrets.  New
> connections from the menu default to system-wide and thus the secrets
> are stored in the keyfiles, more closely aligned with what other OSes
> do, for better or worse.  If an applet (nm-applet or
> nm-connection-editor or whatever) wants secrets stored in gnome-keyring
> or in the user's session it can set the secrets flags when it creates
> the connection, or it can modify the flags afterwards via Update().
> 
> This isn't all 100% thought out yet, so suggestions on how to handle
> initial stuff like this, as well as later behavior would be great to
> discuss.  I've thought of various approaches like intelligent defaults
> (VPN connections should default to user-secrets and should be visible
> only to the owner for example) and maybe a right-click menu in editors
> for picking where to store the secrets.
> 
> But I think it's possible to have some intelligent defaults here, and
> those likely include defaulting to system-wide secrets for most types.
> There are clearly more personal secrets: VPN passwords, 802.1x user
> passwords, etc.  

Thanks for the explanation. Defaulting to user-secrets for VPN
connections and to system-wide in other cases sounds reasonable to me.
I think at the moment it will be enough if secrets for new VPN
connections which are not marked as system-wide are stored in the
gnome-keyring.

But right now it does not work in any case (using the pptp plugin as an example;
NetworkManager, nm-applet and network-manager-pptp are compiled from the latest git):
Checkbox "Available to all users" is not checked:
# grep -A2 vpn-secrets /etc/NetworkManager/system-connections/pptp-private
[vpn-secrets]
password=(null)

Checkbox "Available to all users" is checked:
# grep -A2 vpn-secrets /etc/NetworkManager/system-connections/pptp-system-wide
# 
So there is no vpn-secrets section in the keyfile in that case.

> But I think it's hard to argue that keeping a WiFi
> passphrase in the user session is worthwhile in most cases...

I thought about this and now think you're right.

-- 
WBR, Mikhail Efremov
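
An added example, not part of the original message and not NetworkManager code: a small audit that reports which secrets a keyfile holds on disk and whether that matches the secret flags discussed above, without ever printing the secret values. The `802-11-wireless-security` section name, the `<key>-flags` entries and the flag bit values are assumptions taken from NetworkManager's keyfile format, not from this thread; the sample keyfiles are constructed.

```python
import configparser

AGENT_OWNED, NOT_SAVED = 0x1, 0x2  # secret-flag bits; 0 means system-owned
# Secret-bearing section -> section holding the "<key>-flags" entry (assumed names).
FLAG_SECTION = {"vpn-secrets": "vpn",
                "802-11-wireless-security": "802-11-wireless-security"}
WIFI_SECRETS = {"psk", "wep-key0", "wep-key1", "wep-key2", "wep-key3", "leap-password"}

def audit_keyfile(text):
    """Return (section, key, finding) tuples; secret values are never returned."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keyfile keys are case-sensitive
    cp.read_string(text)
    findings = []
    for section, flag_section in FLAG_SECTION.items():
        if not cp.has_section(section):
            continue
        for key, value in cp.items(section):
            if section != "vpn-secrets" and key not in WIFI_SECRETS:
                continue
            flags = int(cp.get(flag_section, key + "-flags", fallback="0"), 0)
            if value == "(null)":  # the value seen in the thread's grep output
                findings.append((section, key, "placeholder-not-a-secret"))
            elif flags & (AGENT_OWNED | NOT_SAVED):
                findings.append((section, key, "on-disk-despite-flags"))
            else:
                findings.append((section, key, "plaintext-system-owned"))
    return findings

# Constructed samples, not real configuration.
SAMPLE_PRIVATE_VPN = """\
[connection]
id=pptp-private
type=vpn
[vpn]
service-type=org.freedesktop.NetworkManager.pptp
password-flags=1
[vpn-secrets]
password=(null)
"""
SAMPLE_WIFI = """\
[802-11-wireless-security]
key-mgmt=wpa-psk
psk=constructed-passphrase
"""

if __name__ == "__main__":
    for name, text in (("pptp-private", SAMPLE_PRIVATE_VPN), ("wifi", SAMPLE_WIFI)):
        print(name, audit_keyfile(text))
```

A keyfile with no secret-bearing section, like the pptp-system-wide case above, yields an empty list.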

