Bug 177308
Summary: | Would like to store group password, but not my Password. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Daniel Walsh <dwalsh> |
Component: | NetworkManager-vpnc | Assignee: | Denis Leroy <denis> |
Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | extras-qa, jpalko, nalin, redhat-bugzilla |
Target Milestone: | --- | Keywords: | FutureFeature |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-11-08 14:39:19 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Daniel Walsh
2006-01-09 14:26:01 UTC
The gnome-keyring should be secure enough to store your password, otherwise we need to fix gnome-keyring. Btw, your VPN provider need not to use your kerberos password - suggest to complain to them (the fact that vpnc is rather insecure in it's current incarnation is another matter that speaks for this case). Reassigning to NetworkManager maintainer. This is not necessarily about trusting the gnome keyring or not. The group password is not really a password in the classic sense, more something like a preshared key between the ipsec server and the client. Most people using a vpn client do not know it, since it is contained in the distributed .pcf files (albeit obfuscated). So this may be more a case of "I do not want the tool to remember my password" (for policy reasons or personal paranoia or whatever reason). This is currently not possible, since it requires knowledge of the group password. As it happens I have some code to import the group password from .pcf files (and deobfuscating it), but I am unsure how to add this to NM-vpnc, since I can not just add the group password into the keyring at import time. If I read the code right NM-vpnc expects to read the user password and the group password from the keyring, or nothing at all. Taking ownership. I agree with the idea. In my case, the main password is a use-once password provided by a cardkey, so storing it doesn't make much sense. The group password, otoh, can be saved. I'll try to come up with a patch. Wrote a patch for this, will test and release soon. Patch reported upstream at http://bugzilla.gnome.org/show_bug.cgi?id=363918 Looks like this is working with Fedora Core 6 NetworkManager-vpnc but it is missing the dependency of lzo package. Noticed that storing the group password tick box came into VPN login gui after I installed lzo package. Nice work in making the vpn work this way though. Jukka, I'm not seeing this dependency on my end. NetworkManager-vpnc works fine without the lzo package, as far as i tell. This might have been some timing issue here. The VPN login gui is actually a seperate executable (/usr/libexec/nm-vpnc-auth-dialog) It works great otherwise, but the ability to store the group password is not available on fc6 unless you have lzo installed. Jukka, can you investigate further ? I can't reproduce your scenario. I don't have lzo installed, and the group password store works just fine for me (as a matter of fact, I'm connected on my work vpn now)... (that's on fc6). Released for FC-6 and 7. Curious, now it's there even without lzo. On a fresh install though I didn't have it there until I installed lzo. Must have been something else. :) |