On Tue, Jun 21, 2011 at 8:04 AM, Darren Albers <[email protected]> wrote:
> On Tue, Jun 21, 2011 at 1:08 AM, Dan Williams <[email protected]> wrote:
>> On Mon, 2011-06-20 at 17:18 +0530, Ritesh Khadgaray wrote:
>>> Hi
>>>
>>>
>>> On Sat, Jun 18, 2011 at 7:57 AM, Darren Albers <[email protected]> wrote:
>>> > While doing some research I noticed that wireless keys are located
>>> > unencrypted in /etc/sysconfig/network-scripts. It even does this when
>>> > I set the wireless to not be a system-connection.  It used to be that
>>> > wireless keys were stored in the keyring which seems much safer to me
>>> > than storing them locally unencrypted.
>>>
>>> interesting, I am not an nm developer but this seems to stem from keyfile
>>> plugin
>>> and relies on file selinux label/permission for protection.
>>>
>>> I also do not see an option to not save the password.
>>
>> Correct, the passwords are not encrypted because there is no user
>> available to provide passwords.  The passwords are, however, only
>> visible to 'root' and thus should be protected; if your root user is
>> compromised you're hosed.  This is also how existing systems have worked
>> for years, so NM certainly isn't a regression here.
>>
>> You can also opt to keep your secrets in the user keyring, which is
>> accomplished by "secret flags".  For example, if you set 'psk-flags=0x1'
>> in the keyfile for a WPA-PSK connection, then NM will ask a user agent
>> (like nm-applet) for the password instead of keeping it in /etc.  This
>> option is only exposed for 802.1x and LEAP passwords though (via the
>> "Always ask for this password" checkbox) because only those password
>> types are really personal passwords; a WPA-PSK or WEP key really isn't
>> personal.
>>
>> VPN connections also default to having secrets owned by the user's
>> session in a keyring.
>>
>> Dan
>>
>>
>
> Thank you Dan!  It sounds like I am incorrect but I used to recall
> that if a connection was not a system connection that the key would be
> stored in the keyring and that was the default.  Is that not the case
> any longer?
>
> Thank you!
>
Dan,

Sorry to add more questions but adding that to either the keyfile or
the ifcfg did not seem to help.  Is there a specific syntax I should
be using or possibly a man page I can look at?  I didn't see much
detail in man NetworkManager or man NetworkManager.conf

Thank you!
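An added example, not part of the thread and not NetworkManager code: a small Python audit that applies the secret-flags rule described in Dan's reply to the contents of a keyfile, reporting secrets that sit in the file as system-owned. It goes beyond the WPA-PSK case in the thread to cover WEP, LEAP and 802.1x keys; the function name and both sample keyfiles are constructed for illustration.

```python
import configparser

AGENT_OWNED = 0x1  # NM_SETTING_SECRET_FLAG_AGENT_OWNED: a user agent holds the secret

# secret key -> name of its flags key, per keyfile section
WIFI = {"psk": "psk-flags", "wep-key0": "wep-key-flags",
        "leap-password": "leap-password-flags"}
SECRETS = {
    "wifi-security": WIFI,
    "802-11-wireless-security": WIFI,  # older name for the same section
    "802-1x": {"password": "password-flags",
               "private-key-password": "private-key-password-flags"},
}

def audit_keyfile(text):
    """Return (section, key, finding) tuples for one keyfile's contents."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",), comment_prefixes=("#",))
    cp.optionxform = str  # keyfile keys are case-sensitive
    cp.read_string(text)
    findings = []
    for section, keys in SECRETS.items():
        if not cp.has_section(section):
            continue
        for key, flag_key in keys.items():
            if not cp.has_option(section, key):
                continue  # nothing stored in the file for this secret
            # base 0 accepts both "1" and "0x1"
            flags = int(cp.get(section, flag_key, fallback="0"), 0)
            if flags == 0:
                findings.append((section, key, "system-owned secret stored in file"))
            else:
                findings.append((section, key, "secret present although flags are set"))
    return findings

# Constructed sample keyfiles (not taken from a real system).
SAMPLE_SYSTEM = "[connection]\nid=example-wifi\ntype=wifi\n\n" \
                "[wifi-security]\nkey-mgmt=wpa-psk\npsk=constructed-passphrase\n"
SAMPLE_AGENT = "[connection]\nid=example-wifi\ntype=wifi\n\n" \
               "[wifi-security]\nkey-mgmt=wpa-psk\npsk-flags=0x1\n"

if __name__ == "__main__":
    for name, text in (("system", SAMPLE_SYSTEM), ("agent", SAMPLE_AGENT)):
        print(name, audit_keyfile(text))
```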
