On Mon, 2011-06-20 at 17:18 +0530, Ritesh Khadgaray wrote:
> Hi
>
> On Sat, Jun 18, 2011 at 7:57 AM, Darren Albers <dalb...@gmail.com> wrote:
> > While doing some research I noticed that wireless keys are located
> > unencrypted in /etc/sysconfig/network-scripts. It even does this when
> > I set the wireless to not be a system-connection. It used to be that
> > wireless keys were stored in the keyring which seems much safer to me
> > than storing them locally unencrypted.
>
> interesting, I am not an nm developer but this seems to stem from keyfile
> plugin
> and relies on file selinux label/permission for protection.
>
> I also do not see an option to not save the password.

Correct, the passwords are not encrypted because there is no user available to provide passwords. The passwords are, however, only visible to 'root' and thus should be protected; if your root user is compromised you're hosed. This is also how existing systems have worked for years, so NM certainly isn't a regression here.

You can also opt to keep your secrets in the user keyring, which is accomplished by "secret flags". For example, if you set 'psk-flags=0x1' in the keyfile for a WPA-PSK connection, then NM will ask a user agent (like nm-applet) for the password instead of keeping it in /etc. This option is only exposed for 802.1x and LEAP passwords though (via the "Always ask for this password" checkbox) because only those password types are really personal passwords; a WPA-PSK or WEP key really isn't personal. VPN connections also default to having secrets owned by the user's session in a keyring.

Dan

_______________________________________________
networkmanager-list mailing list
networkmanager-list@gnome.org
http://mail.gnome.org/mailman/listinfo/networkmanager-list
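
An added example, not part of the original message and not NetworkManager's own code: a small audit that reads a keyfile's text and reports, per secret, whether it sits in the file or is handed to a user agent through the secret flags described above, plus a check that the file mode grants nothing beyond the owner. The section names, the flag key names other than `psk-flags`, and the function names are assumptions of this example; both sample keyfiles are constructed.

```python
import configparser
import stat

# NetworkManager secret-flag bits: 0x1 = agent-owned, 0x2 = not saved.
AGENT_OWNED, NOT_SAVED = 0x1, 0x2

# Secret key -> its flags key, per keyfile section (old and new Wi-Fi names).
WIFI = {"psk": "psk-flags", "wep-key0": "wep-key-flags",
        "leap-password": "leap-password-flags"}
SECRETS = {"wifi-security": WIFI, "802-11-wireless-security": WIFI,
           "802-1x": {"password": "password-flags"}}

# Constructed sample keyfiles (not taken from any real system).
SAMPLE_STORED = """
[connection]
id=example-wifi
[wifi-security]
key-mgmt=wpa-psk
psk=constructed-example-passphrase
"""
SAMPLE_AGENT = """
[connection]
id=example-wifi
[wifi-security]
key-mgmt=wpa-psk
psk-flags=0x1
"""

def audit_keyfile(text):
    """Return (section, secret, finding) tuples for one keyfile's text."""
    cp = configparser.RawConfigParser(
        delimiters=("=",), comment_prefixes=("#",), strict=False)
    cp.optionxform = str  # keyfile keys are case-sensitive
    cp.read_string(text)
    findings = []
    for section, secrets in SECRETS.items():
        if not cp.has_section(section):
            continue
        for name, flag_key in secrets.items():
            flags = int(cp.get(section, flag_key, fallback="0"), 0)
            stored = cp.has_option(section, name)
            if stored and flags & (AGENT_OWNED | NOT_SAVED):
                findings.append((section, name, "flagged-but-still-in-file"))
            elif stored:
                findings.append((section, name, "stored-in-file"))
            elif flags & AGENT_OWNED:
                findings.append((section, name, "agent-owned"))
    return findings

def exposed_beyond_owner(mode):
    """True if the file mode grants any access to group or others."""
    return bool(stat.S_IMODE(mode) & 0o077)
```

The "flagged-but-still-in-file" finding covers a keyfile where the flag was set by hand but the old secret line was left behind.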