On Fri, 11 Mar 2011 20:09:03 -0600 Dan Williams wrote: > On Fri, 2011-03-11 at 20:04 +0300, Mikhail Efremov wrote: > > On Thu, 10 Mar 2011 11:00:43 -0600 Dan Williams wrote: > > > I've tagged and uploaded 0.8.996 which has a number of fixes: > > > > Could you explain how the secret agent in nm-applet should work? > > I guess that users' secrets should be stored in some storage like > > gnome-keyring, but now I see that WPA passphrase (as an example) is > > written to the file by keyfile plugin as a plain text. Do I misunderstand > > something or it is just not completed yet? > > At the moment, 0.8 imported connection secrets are marked "agent owned" > which means that NM will ask nm-applet for those secrets. New > connections from the menu default to system-wide and thus the secrets > are stored in the keyfiles, more closely aligned with what other OSes > do, for better or worse. If an applet (nm-applet or > nm-connection-editor or whatever) wants secrets stored in gnome-keyring > or in the user's session it can set the secrets flags when it creates > the connection, or it can modify the flags afterwards via Update(). > > This isn't all 100% thought out yet, so suggestions on how to handle > initial stuff like this, as well as later behavior would be great to > discuss. I've thought of various approaches like intelligent defaults > (VPN connections should default to user-secrets and should be visible > only to the owner for example) and maybe a right-click menu in editors > for picking where to store the secrets. > > But I think it's possible to have some intelligent defaults here, and > those likely include defaulting to system-wide secrets for most types. > There are clearly more personal secrets: VPN passwords, 802.1x user > passwords, etc.
Thanks for the explanation. Defaults to user-secrets for VPN connections and to system-wide in other cases sounds reasonable for me. I think at the moment will be enough if secrets for the new VPN connections which are not marked as system-wide, will be stored in the gnome-keyring. But now it is not works in any case (using pptp plugin as an example, NetworkManager, nm-applet and network-manager-pptp are compiled from latest git): Checkbox "Available to all users" is not checked: # grep -A2 vpn-secrets /etc/NetworkManager/system-connections/pptp-private [vpn-secrets] password=(null) Checkbox "Available to all users" is checked: # grep -A2 vpn-secrets /etc/NetworkManager/system-connections/pptp-system-wide # So there is no vpn-secrets section in keyfile in that case. > But I think it's hard to argue that keeping a WiFi > passphrase in the user session is worthwhile in most cases... I thought about this and now think you're right. -- WBR, Mikhail Efremov _______________________________________________ networkmanager-list mailing list networkmanager-list@gnome.org http://mail.gnome.org/mailman/listinfo/networkmanager-list
