Re: vpn password stored in plain text



Am 28.09.2015 um 18:09 schrieb Dan Williams:
Yes, that is correct.  Although best practices suggest full-disk
encryption on anything that can walk away, plus two-factor "something
you know and something you have" for VPNs.  But yes, setting the flags
in the file and removing the password should ensure that the password is
not stored on-disk.  You can also set the flags to '1' (agent-owned) and
the common agents like GNOME and KDE will store the password in their
respective keyrings/wallets that is protected by another password.

I poked around in nm-connection-editor and realized that the icon on the
right side of the password fields is actually a mode selector. Now the
setting is "ask always", which wipes the password string from /etc.

Thanks again!

Olaf


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]