> On Lis. 12, 2015, 2:47 odp., Lamarque Souza wrote: > > I still do not get the reason for this. If a connection is of type system > > then NetworkManager will store its secrets (in plain text in most cases), > > that is a security risk and there will be no kwallet involved. Even if you > > uncheck "All users may connect to this network" and selects all users (is > > that what you want?), that also means any user will be able to read the > > password. > > Jan Grulich wrote: > NM doesn't work that way, if you allow to a connection to be available > for all users and set the password as agent-owned, then NM won't store it in > its storage in plain text, it will just make the connection available/visible > for everyone, but once someone else try to active it, NM will prompt for a > password. > > The reason for this is, when you run LiveCD and create connection as > system connection, it will be created in > /etc/NetworkManager/system-connections and should be copied during > installation from the LiveCD and later available on the newly installed > system (just the password will be missing if it's stored into KWallet for > liveuser). There shouldn't be any security risk because I changed how > plasma-nm chooses password storage in Plasma 5.5 and it no longer depends on > whether the connection is available for everyone or not.
Hmm, I just tried that and it even doesn't work that way I thought it does. I was expecting the new connection in /etc/NetworkManager/system-connections which is not. Permissions are set properly so the connection is available for everyone and the password was stored into KWallet, however it doesn't do that thing we wanted it to do. I'll ask NM devs about that and will respond later. - Jan ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://git.reviewboard.kde.org/r/126041/#review88294 ----------------------------------------------------------- On Lis. 12, 2015, 11 dop., Jan Grulich wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://git.reviewboard.kde.org/r/126041/ > ----------------------------------------------------------- > > (Updated Lis. 12, 2015, 11 dop.) > > > Review request for Network Management and Lamarque Souza. > > > Repository: plasma-nm > > > Description > ------- > > See summary, nm-connection-editor also have this by default. Reason for this > are LiveCDs, where when you create system connections then they should be > also in the installed system. Making all connections available for all also > shouldn't be a problem due to security reasons because passwords are still > saved into KWallet by default just for one user. > > > Diffs > ----- > > libs/editor/connectiondetaileditor.cpp 7370bbb > libs/editor/settings/ui/connectionwidget.ui 3111b54 > libs/handler.cpp 20db520 > > Diff: https://git.reviewboard.kde.org/r/126041/diff/ > > > Testing > ------- > > > Thanks, > > Jan Grulich > >
_______________________________________________ kde-networkmanager mailing list [email protected] https://mail.kde.org/mailman/listinfo/kde-networkmanager
