Re: vpn password stored in plain text

From: Olaf Hering <olaf aepfle de>
To: networkmanager-list gnome org
Subject: Re: vpn password stored in plain text
Date: Mon, 28 Sep 2015 19:59:42 +0200

Am 28.09.2015 um 18:09 schrieb Dan Williams:

Yes, that is correct.  Although best practices suggest full-disk
encryption on anything that can walk away, plus two-factor "something
you know and something you have" for VPNs.  But yes, setting the flags
in the file and removing the password should ensure that the password is
not stored on-disk.  You can also set the flags to '1' (agent-owned) and
the common agents like GNOME and KDE will store the password in their
respective keyrings/wallets that is protected by another password.


I poked around in nm-connection-editor and realized that the icon on the
right side of the password fields is actually a mode selector. Now the
setting is "ask always", which wipes the password string from /etc.

Thanks again!

Olaf

References:
- vpn password stored in plain text
  - From: Olaf Hering
- Re: vpn password stored in plain text
  - From: Dan Williams
- Re: vpn password stored in plain text
  - From: Olaf Hering
- Re: vpn password stored in plain text
  - From: Dan Williams

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]