On Tue, 2008-10-21 at 23:53 -0400, Mathieu Trudel-Lapierre wrote:
> Dan,
>
> I finally got something together, following some of the ideas you
> pointed out. I've also done a slight change to the auth dialog to not
> show the passwords that are already known in the keyring, unless it's
> in a "reprompt" situation (although I haven't been able to test it
> without manually calling nm-vpnc-auth-dialog...), and to always prompt
> for a password that is marked as "otp" although it may already be
> saved in the keyring.
>
> It's a pretty crude patch, I realize it will need some rework, but if
> someone could test it out and let me know what parts to look at.. :)
>
> Right now, I really don't think the "unused" cases work properly, but
> I'm still looking into it -- I just don't have an easy way to test
> that case.

Fixed up and committed, thanks!

Dan

> Patch is attached, one gzipped file and one .patch:
>
> 01-password-types.patch.gz
> 01-vpnc-auth-password-types.patch
>
> / Matt
>
> On Sun, Oct 12, 2008 at 10:04 PM, Dan Williams <[EMAIL PROTECTED]> wrote:
> > On Sat, 2008-10-11 at 11:22 -0400, Mathieu Trudel-Lapierre wrote:
> >> Dan,
> >>
> >> Actually one other little question. How much use do you think there is
> >> for this kind of feature? Do you regularly hear about this, or is it
> >> more a user here and there?
> >
> > There are open bug reports for both of these and I've heard about
> > interactive auth mode and hybrid auth support from a number of people.
> > It was certainly on my list to do when I had the time. But hey, if
> > patches show up first... :)
> >
> > Dan
> >
> >> / Matt
> >>
> >> On Thu, Oct 9, 2008 at 12:05 PM, Dan Williams <[EMAIL PROTECTED]> wrote:
> >> > On Thu, 2008-10-09 at 09:15 -0400, Mathieu Trudel-Lapierre wrote:
> >> >> Hi,
> >> >>
> >> >> First, my apologies for pushing for this, since I believe the
> >> >> interested parties are probably already notified through bugzilla on
> >> >> this...
> >> >
> >> > So the reason this didn't get merged in the first place is that when
> >> > this is used, the auth dialog looks like ass. Having _3_ buttons there
> >> > has confused every user I've ever seen, and makes me read things a few
> >> > times whenever I get the dialog. It's just bad UI. Plus, it's not
> >> > something you can change in the connection editor out-of-band from
> >> > authentication. That's not to say it doesn't fill a need and fix the
> >> > bug, but the solution is not one I'd like to have upstream.
> >> >
> >> > Instead, we need a better solution. We have two passwords, the user
> >> > password and the group password.
> >> > Each password has 3 different types:
> >> >
> >> >                  u  s  e  r
> >> >         |  static  |  unused  | OTP
> >> >   ------|----------|----------|------
> >> > g static|    Y     |    Y     |  Y
> >> > r ------|----------|----------|------
> >> > o unused|    Y     |    X     |  ?
> >> > u ------|----------|----------|------
> >> > p    OTP|    Y     |    Y     |  ?
> >> >   ------|----------|----------|------
> >> >
> >> > Legend:
> >> > Y = I've heard of it being used
> >> > X = Pointless
> >> > ? = I don't know if this is used by anyone
> >> >
> >> > The cases where you don't want to save passwords in the keyring are the
> >> > OTP/RSA and the "unused" cases.
> >> >
> >> > Here's my solution: for each of the group and user password entries,
> >> > have a small popup menu behind each one in the main config dialog like
> >> > so:
> >> >
> >> >                  .------------------------.  .------------.
> >> >  User Password:  | i4mvrl1337&^%          |  | Default  |V|
> >> >                  `------------------------'  `------------'
> >> >                  .------------------------.  .------------.
> >> > Group Password:  | my-GrOuP-PassWORD      |  | Default  |V|
> >> >                  `------------------------'  `------------'
> >> >
> >> > Where the combo box has the following items:
> >> >
> >> > Default (ie, static password that rarely changes)
> >> > Interactive (ie, RSA dongles)
> >> > Unused (ie, no password required and nothing saved to keyring)
> >> >
> >> > It always defaults to "Default" (ie, static) so most people's configs
> >> > will work, but you have the option to change it for your config.
> >> >
> >> > Note that Interactive authentication can't be used yet anyway because we
> >> > don't support challenge-based authentication that it requires, which
> >> > will come after 0.7 when I can rework the VPN cleanup patch I've talked
> >> > about before, and will require
> >> >
> >> > If somebody came up with the UI patch to do this, that would be awesome
> >> > and I'd commit it.
> >> > It would additionally mean adding two keys to the
> >> > vpnc plugin's GConf data (user-password-type and group-password-type)
> >> > which would then have to be added to the nm-vpnc-service's validation
> >> > code and used internally if required, but that's pretty easy. These
> >> > keys would store the password type (as a string) so that the auth dialog
> >> > would know when to save which passwords and which password entry widgets
> >> > to disable/desensitize when the user had selected "unused".
> >> >
> >> > Thoughts?
> >> >
> >> > Next, we get to add authentication types to the client to support Hybrid
> >> > Auth mode. Not sure if you can use all the normal Xauth stuff (like
> >> > interactive) with the hybrid auth mode as well, but I have to assume you
> >> > can.
> >> >
> >> > Dan
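
Added example, not part of the thread and not the committed nm-vpnc code: a sketch in C of the per-password policy the messages above describe, covering validation of the type string, when the auth dialog prompts, and when a value may be written to the keyring. The string values "default", "otp" and "unused", the function names, and the rule that a static password is saved whenever it was prompted for are assumptions; the thread names only the two keys.

```c
#include <stdbool.h>
#include <string.h>

/* Hypothetical values for the proposed user-password-type and
 * group-password-type keys; the thread does not give the strings. */
typedef enum { PW_STATIC, PW_OTP, PW_UNUSED, PW_INVALID } PwType;

typedef struct {
    bool prompt;   /* show an enabled entry and ask the user */
    bool save;     /* write the entered value to the keyring */
} PwPlan;

/* Validation step: a missing key means static (the "Default" item),
 * anything unrecognized is rejected rather than guessed at. */
PwType pw_type_parse(const char *s)
{
    if (s == NULL || strcmp(s, "default") == 0) return PW_STATIC;
    if (strcmp(s, "otp") == 0)                  return PW_OTP;
    if (strcmp(s, "unused") == 0)               return PW_UNUSED;
    return PW_INVALID;
}

/* Decide how the dialog treats one password.
 * in_keyring: a value is already stored; reprompt: the last attempt failed. */
PwPlan pw_plan(PwType t, bool in_keyring, bool reprompt)
{
    PwPlan p = { false, false };
    switch (t) {
    case PW_STATIC:
        /* Known static passwords stay hidden unless we are reprompting. */
        p.prompt = !in_keyring || reprompt;
        p.save   = p.prompt;           /* assumption: save what was typed */
        break;
    case PW_OTP:
        p.prompt = true;               /* always ask, even if one is stored */
        break;                         /* one-time codes are never saved */
    case PW_UNUSED:                    /* entry desensitized, nothing saved */
    case PW_INVALID:                   /* caller must refuse the connection */
        break;
    }
    return p;
}

/* True when neither password needs asking and the dialog can be skipped. */
bool dialog_can_skip(PwPlan user, PwPlan group)
{
    return !user.prompt && !group.prompt;
}
```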
