On Mon, 2015-09-28 at 09:32 +0200, Olaf Hering wrote: > Why is the VPN password stored in plain text in > /etc/NetworkManager/system-connections? Is there a way to let the GUI > ask for it every time?
Note that the file is read-only by root. If somebody has root on your machine, they can do a lot more than read your password. It's stored there because no "password flags" have been set for the password that tell NM where to get it from. If you set the "agent-owned" flag and the "always ask" flags on the password, either through the GUI or by editing the file in /etc, then NM will ask an agent for the password every time. Most desktop environments have an agent (eg, GNOME and KDE have their own) and there's also nm-applet. For vpnc for example, the user password is "xauthpassword" and the corresponding item to ask for it every time would be "xauthpassword-flags=3". For OpenVPN the user password is "password" and the corresponding item to ask for it every time is "password-flags=3". See also 'man nm-settings' and look for the "Secret flag types" section near the bottom. Dan _______________________________________________ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list