On Tue, Jun 21, 2011 at 1:08 AM, Dan Williams <[email protected]> wrote: > On Mon, 2011-06-20 at 17:18 +0530, Ritesh Khadgaray wrote: >> Hi >> >> >> On Sat, Jun 18, 2011 at 7:57 AM, Darren Albers <[email protected]> wrote: >> > While doing some research I noticed that wireless keys are located >> > unencrypted in /etc/sysconfig/network-scripts It even does this when >> > I set the wireless to not be a system-connection. It used to be that >> > wireless keys were stored in the keyring which seems much safer to me >> > than storing them locally unencrypted. >> >> interesting, I am not an nm developer but this seems to stem from keyfile >> plugin >> and relies on file selinux label/permission for protection. >> >> I also do not see an option to not save the password. > > Correct, the passwords are not encrypted because there is no user > available to provide passwords. The passwords are, however, only > visible too 'root' and thus should be protected; if your root user is > compromised you're hosed. This is also how existing system have worked > for years, so NM certainly isn't a regression here. > > You can also opt to keep your secrets in the user keyring, which is > accomplished by "secret flags". For example, if you set 'psk-flags=0x1' > in the keyfile for a WPA-PSK connection, then NM will ask a user agent > (like nm-applet) for the password instead of keeping it in /etc. This > option is only exposed for 802.1x and LEAP passwords though (via the > "Always ask for this password" checkbox) because only those password > types are really personal passwords; a WPA-PSK or WEP key really isn't > personal. > > VPN connections also default to having secrets owned by the user's > session in a keyring. > > Dan > >
Thank you Dan! It sounds like I am incorrect but I used to recall that if a connection was not a system connection that the key would be stored in the keyring and that was the default. Is that not the case any longer? Thank you! _______________________________________________ networkmanager-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/networkmanager-list
