Re: Passwords, stored in Gnome Keyring and KWallet

[Michael Albinus]

Ted Zlatanov <address@hidden> writes:

> Michael, I left a TODO in the manual for explaining secrets.el.

I'm sitting with this, it is not so easy.

The crucial point is how to populate the Gnome Keyring with valid
entries. For .authinfo files it is obvious, "edit the file".

One option would be to explain `secrets-create-item'. But that's not
convenient; a user who wants to access her imap account via gnus would
dislike it.

And it is not the intention of a password database like Gnome Keyring
(or KDE Wallet, or Firefox Password Manager, ...). Those databases let
their clients store passwords on the fly.

Consequently, auth-source.el shall offer such an interface. Something
like

(defun auth-source-create (host password &optional user protocol)
  "Create a new entry in the password database for accessing HOST.
PASSWORD is the credential needed for authentication.  If USER is
nil, PASSWORD will be applied for all users.  PROTOCOL can
restrict the authentication for access methods, like \"imap\"
or \"ssh\".
The password databases as defined in `auth-sources' will be
checked in order to find the best fit according to the arguments.
Note, that only password databases of the Secret Service API will be
taken into account, authinfo like flat files will not be used for
creation of new entries.")

A typical client library would have code like this:

(let ((password (auth-source-user-or-password "password" server port user)))
  (unless password
    (setq password (read-passwd "Password: "))
    (auth-source-create server password user port))
  password)

What do you think about?

> Thanks
> Ted

Best regards, Michael.