Hide Forgot
Description of problem: NM remembers VPNC passpharases (in memory) no matter whether or not the box is checked in the dialog. Furthermore, it remembers them (and keeps using them without interaction) even if they're wrong and the login fails. Version-Release number of selected component (if applicable): NetworkManager-0.7.0-0.3.svn2970.fc8 NetworkManager-vpnc-0.7.0-0.2.svn2970.fc8
Related to http://bugzilla.gnome.org/show_bug.cgi?id=363918 I need to rewrite the patch to store the actual password storing preference in GConf. Right now, it will set the preference based on whether it finds the keys in the gnome keyring. The workaround is to open the gnome keyring editor and delete the keys manually.
In this case, the keys weren't in the keyring.
I just spent some time on this, and it's more complicated that I had hoped. The keys are indeed kept in memory, by the call to nm_connection_update_secrets(). So when the vpnc plugin need_secrets() implementation (in nm-vpnc-service) is called a 2nd time, it finds the secret in the VPNProperties hash table and answers "no secrets needed!". In a way, this is redundant with the authorization dialog own password storing mechanism (in the gnome keyring), except of course this will always fail if the passwords are wrong or if you use one-time passwords. If I patch nm-vpnc-service to always return false in need_secrets(), any subsequent reconnects will indeed show the authorization dialog as it should. Unfortunately the connection still fails a couple of seconds later with NetworkManager: <WARN> connection_state_changed(): Could not process the request because no VPN connection was active. and the quit signal is sent to nm-vpnc-service even before you have a chance to type anything into the authorization dialog. This sounds to me more like a NM state machine issue, so maybe this should be refiled under NM. Dan, any comments ?
*** Bug 397691 has been marked as a duplicate of this bug. ***
Dan, ping ?
Something in NM that doesn't happen (but should) is that NM should clear the connection secrets on the internal connection after it has successfully connected, which would make NM always ask the applet for the secrets when needed. Pretty trivial to fix upstream, just hadn't gotten there yet.
Based on the date this bug was created, it appears to have been reported during the development of Fedora 8. In order to refocus our efforts as a project we are changing the version of this bug to '8'. If this bug still exists in rawhide, please change the version back to rawhide. (If you're unable to change the bug's version, add a comment to the bug and someone will change it for you.) Thanks for your help and we apologize for the interruption. The process we're following is outlined here: http://fedoraproject.org/wiki/BugZappers/F9CleanUp We will be following the process here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this doesn't happen again.
Dunno why this is in RELEASE_PENDING. It's still in both F8 and rawhide.
This message is a reminder that Fedora 8 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 8. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '8'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 8's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 8 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Bill, please modify the connection in the connection editor to "always ask" for the passwords you don't want to save in the keyring.
Dan, I tried it, and it works, but the default settings should be "always ask" IMHO. Remembering passwords by default is very bad practice.
Hm, at this point, I'm OK with remembering for the session, just not remembering them if they're wrong. I'll test with the new update NM later today.
Is this still an issue with latest NM and vpnc? The vpnc bits were changed before Christmas to let the user specify always asking for the password, irregardless of the keyring. NetworkManager-0.7.0-1.git20090102 NetworkManager-vpnc-0.7.0-1.svn13 In the connection editor for the VPN connection, look for the popup menus next to each password and pick the one you want.
Yes, thsi works now.