Re: vpn password stored in plain text
- From: Dan Williams <dcbw redhat com>
- To: Olaf Hering <olaf aepfle de>
- Cc: networkmanager-list gnome org
- Subject: Re: vpn password stored in plain text
- Date: Mon, 28 Sep 2015 10:00:09 -0500
On Mon, 2015-09-28 at 09:32 +0200, Olaf Hering wrote:
Why is the VPN password stored in plain text in
/etc/NetworkManager/system-connections? Is there a way to let the GUI
ask for it every time?
Note that the file is read-only by root. If somebody has root on your
machine, they can do a lot more than read your password. It's stored
there because no "password flags" have been set for the password that
tell NM where to get it from.
If you set the "agent-owned" flag and the "always ask" flags on the
password, either through the GUI or by editing the file in /etc, then NM
will ask an agent for the password every time. Most desktop
environments have an agent (eg, GNOME and KDE have their own) and
there's also nm-applet.
For vpnc for example, the user password is "xauthpassword" and the
corresponding item to ask for it every time would be
"xauthpassword-flags=3". For OpenVPN the user password is "password"
and the corresponding item to ask for it every time is
"password-flags=3".
See also 'man nm-settings' and look for the "Secret flag types" section
near the bottom.
Dan
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]