Description of problem: Not crazy about storing my Kerberos password in the keyring, but hate having to enter the group password every time. So could you separate them so I could have one or both stored in the keyring? Dan
The gnome-keyring should be secure enough to store your password, otherwise we need to fix gnome-keyring. Btw, your VPN provider need not to use your kerberos password - suggest to complain to them (the fact that vpnc is rather insecure in it's current incarnation is another matter that speaks for this case). Reassigning to NetworkManager maintainer.
This is not necessarily about trusting the gnome keyring or not. The group password is not really a password in the classic sense, more something like a preshared key between the ipsec server and the client. Most people using a vpn client do not know it, since it is contained in the distributed .pcf files (albeit obfuscated). So this may be more a case of "I do not want the tool to remember my password" (for policy reasons or personal paranoia or whatever reason). This is currently not possible, since it requires knowledge of the group password. As it happens I have some code to import the group password from .pcf files (and deobfuscating it), but I am unsure how to add this to NM-vpnc, since I can not just add the group password into the keyring at import time. If I read the code right NM-vpnc expects to read the user password and the group password from the keyring, or nothing at all.
Taking ownership.
I agree with the idea. In my case, the main password is a use-once password provided by a cardkey, so storing it doesn't make much sense. The group password, otoh, can be saved. I'll try to come up with a patch.
Wrote a patch for this, will test and release soon. Patch reported upstream at http://bugzilla.gnome.org/show_bug.cgi?id=363918
Looks like this is working with Fedora Core 6 NetworkManager-vpnc but it is missing the dependency of lzo package. Noticed that storing the group password tick box came into VPN login gui after I installed lzo package. Nice work in making the vpn work this way though.
Jukka, I'm not seeing this dependency on my end. NetworkManager-vpnc works fine without the lzo package, as far as i tell. This might have been some timing issue here. The VPN login gui is actually a seperate executable (/usr/libexec/nm-vpnc-auth-dialog)
It works great otherwise, but the ability to store the group password is not available on fc6 unless you have lzo installed.
Jukka, can you investigate further ? I can't reproduce your scenario. I don't have lzo installed, and the group password store works just fine for me (as a matter of fact, I'm connected on my work vpn now)... (that's on fc6).
Released for FC-6 and 7.
Curious, now it's there even without lzo. On a fresh install though I didn't have it there until I installed lzo. Must have been something else. :)